Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation in GlobalNewFiles
Vulnerability Description
GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
MediaWiki GlobalNewFiles 输入验证错误漏洞
Vulnerability Description
GlobalNewFiles是美国维基媒体(MediaWiki)基金会的一个扩展,提供了一个特殊的页面在全球范围内查看wiki farm的所有文件。 GlobalNewFiles 存在输入验证错误漏洞,该漏洞源于GlobalNewFiles 特殊页面的用户名列容易受到存储型 XSS 的攻击。
CVSS Information
N/A
Vulnerability Type
N/A