An issue exists in the CheckUser extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |