Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
Vulnerability Description
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WikiDiscover 安全漏洞
Vulnerability Description
WikiDiscover是Miraheze开源的一个用于CreateWiki托管农场的扩展。 WikiDiscover存在安全漏洞,该漏洞源于不会对wiki的名称或描述进行任何转义。攻击者利用该漏洞执行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A