Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
Vulnerability Description
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped. This issue affects Mediawiki - ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Wikimedia Mediawiki - ApprovedRevs Extension 安全漏洞
Vulnerability Description
Wikimedia Mediawiki - ApprovedRevs Extension是Wikimedia基金会的一个页面版本管理的扩展。 Wikimedia Mediawiki - ApprovedRevs Extension 1.39.13之前版本、1.42.7之前版本和1.43.2之前版本存在安全漏洞,该漏洞源于系统消息插入HTML时未正确转义,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A