PT-2026-55481 · Packagist · Mediawiki/Maps
Publicado
2026-07-02
·
Atualizado
2026-07-02
·
CVE-2026-52854
CVSS v3.1
8.6
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
Summary
Stored XSS through wikitext can be performed by inserting malicious HTML into the
overlays parameter of the display map parser function when using the leaflet service.Details
The maps extension doesn't escape overlay names before passing them to leaflet.
Leaflet then inserts them as HTML: https://github.com/ProfessionalWiki/Maps/blob/ca5139fabd75f3c34f47ea3fd161306506b053bc/resources/lib/leaflet/leaflet.js#L5243
PoC
Preview the following wikitext, using the default configuration options of the extension:
{{#display map:0,0|service=leaflet|overlays=OpenTopoMap.<img src=x onerror="alert(1);">}}Impact
Stored XSS can be performed by any user with the
edit permission.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mediawiki/Maps