Gilang Romadon

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.2 PageForms extension for MediaWiki versions through 1.35.2 **Description** An issue was discovered in the PageForms extension for MediaWiki, allowing for XSS on certain PageForms-managed MediaWiki pages. This is achieved through crafted payloads for Token-related query parameters. **Recommendations** For MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue. For PageForms extension for MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.