Grunny

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 **Description** The issue exists due to the lack of protection for the web page structure, allowing a remote attacker to conduct cross-site scripting (XSS) attacks. On ChangesList special pages, such as Special:RecentChanges and Special:Watchlist, some label messages are output in HTML unescaped, leading to XSS. **Recommendations** For MediaWiki versions 1.31.12 and earlier, update to version 1.31.12 or later. For MediaWiki versions 1.32.x through 1.35.x before 1.35.2, update to version 1.35.2 or later. As a temporary workaround, consider restricting access to the ChangesList special pages, such as Special:RecentChanges and Special:Watchlist, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.31.12 MediaWiki versions 1.32.x through 1.35.x before 1.35.2 **Description** An issue in MediaWiki leads to XSS due to the output of mediastatistics-header-* messages in HTML unescaped on Special:NewFiles. This could allow a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** For MediaWiki versions prior to 1.31.12, update to version 1.31.12 or later. For MediaWiki versions 1.32.x through 1.35.x before 1.35.2, update to version 1.35.2 or later. As a temporary workaround, consider restricting access to the Special:NewFiles page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki PageTriage extension (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists in the PageTriage toolbar of the PageTriage extension for MediaWiki. This allows remote attackers to inject arbitrary web script or HTML via the page title. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.23.10 MediaWiki versions 1.24.x prior to 1.24.3 MediaWiki versions 1.25.x prior to 1.25.2 **Description** The issue concerns the `ApiBase::getWatchlistUser` function, which does not perform token comparison in constant time. This allows remote attackers to guess the watchlist token via a timing attack, effectively bypassing CSRF protection. **Recommendations** For MediaWiki versions prior to 1.23.10, update to version 1.23.10 or later. For MediaWiki versions 1.24.x prior to 1.24.3, update to version 1.24.3 or later. For MediaWiki versions 1.25.x prior to 1.25.2, update to version 1.25.2 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki SemanticForms extension (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via several parameters, including `section *`, `template *`, `label *`, or `new template` parameters to "Special:CreateForm", or `target` or `alt form` parameters to "Special:FormEdit". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.