Back

CVE-2024-34500

May 5, 2024, 7:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

MediaWiki

  • before 1.39.6
  • 1.40.x before 1.40.2
  • 1.41.x before 1.41.1

Source

cve@mitre.org

Tags

cve@mitre.org
2024-05-05
CVE-2024-34500

CVE-2024-34500 details

Published : May 5, 2024, 7:15 p.m.
Last Modified : May 5, 2024, 7:15 p.m.

Description

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175 cve@mitre.org
https://phabricator.wikimedia.org/T357203 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.