MediaWiki · ManageWiki · CVE-2024-25109
**Name of the Vulnerable Software and Affected Versions**
ManageWiki (affected versions not specified)
**Description**
ManageWiki is a MediaWiki extension that allows users to manage wikis. The issue arises because Special:ManageWiki does not properly escape the interface messages it places in the `columns` and `help` keys of the form descriptor. An attacker can exploit this oversight to launch a cross-site scripting attack. To exploit this vulnerability on-wiki, the attacker would need to have the `(editinterface)` right.
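The bug class described above, as an added stand-alone PHP model (not ManageWiki or MediaWiki code): an editable message flows into the `help` and `columns` keys of a descriptor, first unescaped and then escaped at the point of use. The message store, the helpers `msgText`/`msgEscaped`/`renderField`, the message keys, and the assumption that the renderer emits both keys as raw HTML are all constructed for illustration.

```php
<?php
// Constructed stand-in for on-wiki interface messages, which users holding
// the editinterface right can edit. Keys and values are sample data.
$messages = [
    'example-column-read' => 'Read <script>alert(1)</script>',
    'example-field-help'  => 'Pick the rights to grant <script>alert(2)</script>',
];

// Hypothetical helper: message text with no HTML escaping.
function msgText(array $messages, string $key): string {
    return $messages[$key] ?? '';
}

// Hypothetical helper: message text escaped for an HTML context.
function msgEscaped(array $messages, string $key): string {
    return htmlspecialchars(msgText($messages, $key), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Toy renderer (assumption of this model): column labels and the help
// text are written into the page as raw HTML, so callers must escape.
function renderField(array $descriptor): string {
    $html = '<table><tr>';
    foreach ($descriptor['columns'] as $label => $value) {
        $html .= "<th>{$label}</th>";
    }
    $html .= '</tr></table>';
    return $html . "<p class=\"help\">{$descriptor['help']}</p>";
}

// Before: message text goes into the descriptor unescaped.
$before = [
    'columns' => [ msgText($messages, 'example-column-read') => 'read' ],
    'help'    => msgText($messages, 'example-field-help'),
];

// After: the same messages, escaped where they enter the descriptor.
$after = [
    'columns' => [ msgEscaped($messages, 'example-column-read') => 'read' ],
    'help'    => msgEscaped($messages, 'example-field-help'),
];

foreach (['before' => $before, 'after' => $after] as $name => $descriptor) {
    $html = renderField($descriptor);
    // A literal <script> tag in the output means markup from the message
    // reached the page unescaped.
    $raw = strpos($html, '<script>') !== false ? 'yes' : 'no';
    echo "{$name}: raw markup in output = {$raw}\n{$html}\n\n";
}
```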
**Recommendations**
To resolve this vulnerability, users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c`.
As a temporary workaround, consider restricting access to the Special:ManageWiki page until the code changes are applied.
Avoid using the `columns` and `help` keys on the form descriptor in the affected ManageWiki extension until the issue is resolved.