Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki
Vulnerability Description
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ManageWiki 跨站脚本漏洞
Vulnerability Description
ManageWiki是Miraheze开源的一个扩展。 ManageWiki 886cc6b94587f1c7387caa26ca9fe612e01836a0之前版本存在跨站脚本漏洞,该漏洞源于存在跨站脚本漏洞。
CVSS Information
N/A
Vulnerability Type
N/A