MediaWiki · ShortDescription · CVE-2022-21710
**Name of the Vulnerable Software and Affected Versions**
ShortDescription versions prior to 2.3.4
**Description**
A cross-site scripting (XSS) issue exists in the ShortDescription MediaWiki extension. XSS can be triggered on any page, or on the page with the `action=info` parameter, which displays the `shortdesc` property, using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`.
**Recommendations**
If you run a version prior to 2.3.4, update to version 2.3.4 to resolve the issue. As a temporary workaround, consider restricting the use of the `{{SHORTDESC:}}` wikitext until a patch is applied. Avoid using the `onerror` attribute in the `img` tag within the ShortDescription wikitext until the issue is resolved.
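
To support the workaround above, the following added example (not code from the ShortDescription extension or from this advisory) audits page wikitext for `{{SHORTDESC:}}` values that carry HTML tags or event-handler attributes, and reports the HTML-escaped form of each hit. The function names, the case-insensitive match on the magic word and the sample pages are assumptions constructed for illustration.

```python
import html
import re

# Assumption: match the magic word case-insensitively so the audit errs on the side of coverage.
OPEN_RE = re.compile(r"\{\{\s*SHORTDESC\s*:", re.IGNORECASE)
TAG_RE = re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)      # looks like an HTML tag
HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)   # onerror=, onload=, ...


def shortdesc_values(wikitext):
    """Yield each SHORTDESC value, balancing nested {{...}} templates."""
    for m in OPEN_RE.finditer(wikitext):
        depth, i = 1, m.end()
        while i < len(wikitext) and depth:
            if wikitext.startswith("{{", i):
                depth, i = depth + 1, i + 2
            elif wikitext.startswith("}}", i):
                depth, i = depth - 1, i + 2
            else:
                i += 1
        if depth == 0:  # skip unterminated invocations
            yield wikitext[m.end():i - 2].strip()


def audit_page(title, wikitext):
    """Return one finding per SHORTDESC value that contains markup."""
    findings = []
    for value in shortdesc_values(wikitext):
        reasons = []
        if TAG_RE.search(value):
            reasons.append("html-tag")
        if HANDLER_RE.search(value):
            reasons.append("event-handler")
        if reasons:
            findings.append({"title": title, "value": value, "reasons": reasons,
                             "escaped": html.escape(value)})
    return findings


# Constructed sample pages; the second uses the wikitext quoted in the description.
SAMPLE_PAGES = {
    "Paris": "{{SHORTDESC:Capital of France}}\nParis is ...",
    "Sandbox": "Intro text {{SHORTDESC:<img src=x onerror=alert()>}}",
    "Berlin": "{{SHORTDESC:City in {{country|DE}}}}",
}

if __name__ == "__main__":
    for title, text in SAMPLE_PAGES.items():
        for finding in audit_page(title, text):
            print(finding)
```

Run it over exported page text (for example from a wiki dump) to decide which pages to clean up before or after upgrading.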