Blankeclair

**Name of the Vulnerable Software and Affected Versions** ManageWiki versions before commit f504ed8 **Description** The issue is related to SQL injection when renaming a namespace in Special:ManageWiki/namespaces, specifically when using a page prefix with an injection payload. This occurs in ManageWiki, a MediaWiki extension for managing wikis. **Recommendations** For versions before commit f504ed8, as a temporary workaround, consider setting `$wgManageWiki['namespaces'] = false;` to mitigate the risk of SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it has been patched in commit f504ed8.

Name of the Vulnerable Software and Affected Versions: Mediawiki - Version Compare Extension versions 1.39 through 1.43 Description: The issue is related to Improper Encoding or Escaping of Output, which allows Cross-Site Scripting (XSS) in the Mediawiki - Version Compare Extension. Recommendations: For versions 1.39 through 1.43, update to a version that fixes the Improper Encoding or Escaping of Output issue to prevent Cross-Site Scripting (XSS). At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mediawiki - AJAX Poll Extension versions 1.39 through 1.43 Description: The issue is related to Improper Input Validation, which allows Cross-Site Scripting (XSS) in the Mediawiki - AJAX Poll Extension. Recommendations: For versions 1.39 through 1.43, update to a version that fixes the Improper Input Validation issue to prevent Cross-Site Scripting (XSS). As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension. Recommendations: For versions 1.39 through 1.43, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mediawiki - Confirm Account Extension versions 1.39 through 1.43 Description: The issue is related to improper encoding or escaping of output, which enables Cross-Site Scripting (XSS) in the Mediawiki - Confirm Account Extension. This is due to an output escaping issue. Recommendations: For versions 1.39 through 1.43, consider disabling the affected extension until a patch is available to prevent Cross-Site Scripting (XSS) attacks. Restrict access to sensitive areas of the application that utilize the Confirm Account Extension to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mediawiki - HTML Tags versions 1.39 through 1.43 Description: The issue is related to improper input validation, allowing Cross-Site Scripting (XSS) in Mediawiki - HTML Tags. This is due to a lack of proper validation of user input, which can lead to malicious scripts being executed on the client-side. Recommendations: For versions 1.39 through 1.43, update to a version that includes the fix for this issue to prevent Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mediawiki - Extension:SimpleCalendar versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Cross-Site Scripting (XSS) in the Mediawiki - Extension:SimpleCalendar. Recommendations: For versions 1.39 through 1.43, update to a version that includes the fix for the Improper Input Validation vulnerability to prevent Cross-Site Scripting (XSS) attacks.

Name of the Vulnerable Software and Affected Versions: Lakeus versions 1.8.0 through 1.3.1 Lakeus versions prior to 1.3.1+REL1.39 Lakeus versions prior to 1.3.1+REL1.42 Lakeus versions prior to 1.4.0 Description: Lakeus is a simple skin made for MediaWiki. It is vulnerable to stored cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with `(editinterface)` rights can edit system messages that are improperly handled in order to send raw HTML. In the case of `lakeus-footermessage`, this will affect all users if the server is configured to link back to this repository. Otherwise, the system messages in themeDesigner.js are only used when the user enables it in their preferences. Recommendations: For Lakeus versions 1.8.0 through 1.3.1, update to version 1.3.1+REL1.39 or later. For Lakeus versions prior to 1.3.1+REL1.42, update to version 1.3.1+REL1.42 or later. For Lakeus versions prior to 1.4.0, update to version 1.4.0 or later. As a temporary workaround, consider restricting access to the `(editinterface)` rights to minimize the risk of exploitation. Avoid using the `lakeus-footermessage` system message until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - DataTransfer Extension versions 1.39.X through 1.39.10 Mediawiki - DataTransfer Extension versions 1.41.X through 1.41.2 Mediawiki - DataTransfer Extension versions 1.42.X through 1.42.1 **Description** The issue affects the Mediawiki - DataTransfer Extension, allowing Cross Site Request Forgery and Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. **Recommendations** For versions 1.39.X through 1.39.10, update to version 1.39.11 or later. For versions 1.41.X through 1.41.2, update to version 1.41.3 or later. For versions 1.42.X through 1.42.1, update to version 1.42.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - RefreshSpecial Extension versions 1.39.X through 1.39.11 Mediawiki - RefreshSpecial Extension versions 1.41.X through 1.41.3 Mediawiki - RefreshSpecial Extension versions 1.42.X through 1.42.2 **Description** The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables attackers to inject malicious scripts into web pages. **Recommendations** For versions 1.39.X through 1.39.11, update to a version after 1.39.11. For versions 1.41.X through 1.41.3, update to a version after 1.41.3. For versions 1.42.X through 1.42.2, update to a version after 1.42.2.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - OpenBadges Extension versions 1.39.X through 1.39.10 Mediawiki - OpenBadges Extension versions 1.41.X through 1.41.2 Mediawiki - OpenBadges Extension versions 1.42.X through 1.42.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-Site Scripting (XSS). This allows for Cross-Site Scripting (XSS) in the Mediawiki - OpenBadges Extension. **Recommendations** For versions 1.39.X through 1.39.10, update to version 1.39.11 or later. For versions 1.41.X through 1.41.2, update to version 1.41.3 or later. For versions 1.42.X through 1.42.1, update to version 1.42.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - ArticleFeedbackv5 versions 1.42.X through 1.42.2 **Description** The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. **Recommendations** For versions 1.42.X through 1.42.2, update to a version after 1.42.2 to resolve the issue. As a temporary workaround, consider restricting access to the `ArticleFeedbackv5` extension until a patch is available. Avoid using user-inputted data in the affected extension until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Breadcrumbs2 extension versions 1.39.X through 1.39.11 Mediawiki - Breadcrumbs2 extension versions 1.41.X through 1.41.5 Mediawiki - Breadcrumbs2 extension versions 1.42.X through 1.42.4 **Description** The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. **Recommendations** For versions 1.39.X through 1.39.11, update to a version after 1.39.11 to resolve the issue. For versions 1.41.X through 1.41.5, update to a version after 1.41.5 to resolve the issue. For versions 1.42.X through 1.42.4, update to a version after 1.42.4 to resolve the issue. As a temporary workaround, consider restricting access to the Breadcrumbs2 extension until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TabberNeue versions prior to 2.7.2 **Description** The issue arises from unescaped user input being used to construct HTML, allowing any user who can edit pages or render wikitext to perform cross-site scripting (XSS) attacks on other users. Specifically, in TabberTransclude.php, the user-supplied page name is not escaped when outputting, enabling an XSS payload to be used as the page name. This vulnerability can be exploited by rendering malicious wikitext, potentially allowing an attacker to trick victims into clicking on links to Special:ExpandTemplates with the malicious wikitext in the `wpInput` parameter. **Recommendations** For versions prior to 2.7.2, update to version 2.7.2 to patch this vulnerability. As a temporary workaround, consider restricting access to the TabberTransclude.php module to minimize the risk of exploitation. Additionally, avoid using unescaped user input in the `wpInput` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ImportDump (affected versions not specified) **Description** The issue concerns the ImportDump mediawiki extension, which is designed to automate user import requests. A user's local actor ID is stored in the database to track who made what requests. However, if a user on another wiki has the same actor ID as someone on the central wiki, they can act as if they are the original wiki requester. This can be exploited to create new comments, edit requests, and view private requests. **Recommendations** Update to a version that includes the fix from commit `5c91dfc`. If an update is not possible, disable the special page outside of the global wiki, see `miraheze/mw-config@e566499` for details.

**Name of the Vulnerable Software and Affected Versions** CreateWiki (affected versions not specified) **Description** The issue concerns the CreateWiki extension used for requesting and creating wikis, where the name of requested wikis is not properly escaped on the Special:RequestWikiQueue page. This allows a user to insert arbitrary HTML, which can be displayed in the request wiki queue. If a wiki creator encounters the malicious payload, their user session can be exploited to retrieve deleted wiki requests containing private information. Similarly, this can be abused to view sensitive information by those with the ability to suppress requests. **Recommendations** To resolve the issue, apply the patch with commit `693a220`. As a temporary workaround, consider disabling Javascript and/or preventing access to the vulnerable page `Special:RequestWikiQueue` until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Cargo versions 3.6.X through 3.6.0 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing Cross Site Request Forgery attacks. **Recommendations** For versions 3.6.X through 3.6.0, update to version 3.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - CSS Extension versions 1.39.X through 1.39.8 Mediawiki - CSS Extension versions 1.41.X through 1.41.2 Mediawiki - CSS Extension versions 1.42.X through 1.42.1 **Description** The issue is related to a Path Traversal vulnerability, which allows improper limitation of a pathname to a restricted directory. This vulnerability exists in The Wikimedia Foundation Mediawiki - CSS Extension, enabling Path Traversal. **Recommendations** For versions 1.39.X through 1.39.8, update to version 1.39.9 or later. For versions 1.41.X through 1.41.2, update to version 1.41.3 or later. For versions 1.42.X through 1.42.1, update to version 1.42.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Cargo versions 3.6.X through 3.6.0 **Description** The issue affects Mediawiki - Cargo, allowing Cross-Site Scripting (XSS). This is due to an Improper Neutralization of Input During Web Page Generation vulnerability. **Recommendations** For versions 3.6.X through 3.6.0, update to version 3.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - CSS Extension versions 1.39.X through 1.39.8 Mediawiki - CSS Extension versions 1.41.X through 1.41.2 Mediawiki - CSS Extension versions 1.42.X through 1.42.1 **Description** The issue is related to improper encoding or escaping of output, which allows code injection. This is a Code Injection Vulnerability in the Mediawiki CSS Extension. **Recommendations** For versions 1.39.X through 1.39.8, update to version 1.39.9 or later. For versions 1.41.X through 1.41.2, update to version 1.41.3 or later. For versions 1.42.X through 1.42.1, update to version 1.42.2 or later.