Vulnerabilities

CVE-2023-22911

by Fred · Published 10/01/2023 · Updated 10/01/2023

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

Date published : 2023-01-10

https://phabricator.wikimedia.org/T149488

Similar

Tags: Cybersecurity Alert