An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
mediawiki mediawiki 1.39.0 |
||
fedoraproject fedora 37 |