Security
Headlines

Headlines Latest CVEs

Headline

GHSA-fmrf-p77g-vv5c: MediaWiki Cross-site Scripting vulnerability

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).

1 year ago

#xss #vulnerability #js #git #php

MediaWiki Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Jun 30, 2023 to the GitHub Advisory Database • Updated Jun 30, 2023

Related news

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).

1 year ago

#xss #js #java #php

ghsa: Latest News

GHSA-6gf2-ffq8-gcww: GHSL-2024-288: SickChill open redirect in login

16 hours ago

GHSA-j3f9-p6hm-5w6q: Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

17 hours ago

GHSA-cjgq-5qmw-rcj6: keras Path Traversal vulnerability

20 hours ago

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks

23 hours ago

GHSA-mjf9-4pcv-vfg7: Apache OpenMeetings vulnerable to Deserialization of Untrusted Data

1 day ago