CVE-2024-23179

描述

An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

受影響套件(1)

• Bitnami/mediawikifrom 0, < 1.41.1

CVSS 分數

參考連結(3)

• WEBhttps://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-23179
• WEBhttps://phabricator.wikimedia.org/T347746