MediaWiki prior to 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |