Note:
This project will be discontinued after December 13, 2021. [more]
2020-01-08
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
Products | Mediawiki |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links |
• https://gerrit.wikimedia.org/r/558203
• https://phabricator.wikimedia.org/T240773 |