Aidilarf28

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1 **Description** An issue was discovered in the WikibaseMediaInfo component, which is vulnerable to XSS via the `caption` fields for a given media file. This allows for potential exploitation through the manipulation of these fields. **Recommendations** For MediaWiki versions prior to 1.35.5, update to version 1.35.5 or later. For MediaWiki versions 1.36.x prior to 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x prior to 1.37.1, update to version 1.37.1 or later. As a temporary workaround, consider restricting access to the WikibaseMediaInfo component until a patch is applied. Avoid using the `caption` fields in the affected media files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1 **Description** The issue is related to Blind Stored XSS via a URL to the Upload Image feature. This could allow a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate protection of the web page structure in the VisualEditor component of MediaWiki. **Recommendations** For MediaWiki versions 1.35.5 and earlier, update to version 1.35.5 or later. For MediaWiki versions 1.36.x before 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x before 1.37.1, update to version 1.37.1 or later. As a temporary workaround, consider restricting access to the Upload Image feature until a patch is applied.