Wikimedia · MediaWiki · CVE-2014-9507
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions 1.21.x through 1.23.x before 1.23.7
MediaWiki version 1.22.x before 1.22.14
**Description**
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS when the `$wgContentHandlerUseDB` variable is enabled.
**Recommendations**
For MediaWiki 1.21.x, update to a version after 1.23.7, or change the configuration to disable the `$wgContentHandlerUseDB` variable.
For MediaWiki version 1.22.x before 1.22.14, update to version 1.22.14 or later.
For MediaWiki version 1.23.x before 1.23.7, update to version 1.23.7 or later.
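An audit check for the two conditions above (affected version and `$wgContentHandlerUseDB` enabled), added here as an example and not taken from MediaWiki or the advisory. The function names, the sample `LocalSettings.php` text and the assumed default of `true` for the setting are assumptions of this example.

```python
import re

# Affected branches and first fixed releases, as listed in the advisory above.
# No fixed 1.21.x release is named there, so every 1.21 build counts as affected.
FIXED = {(1, 21): None, (1, 22): (1, 22, 14), (1, 23): (1, 23, 7)}

# Constructed sample LocalSettings.php content (not from a real wiki).
SAMPLE = '''<?php
# $wgContentHandlerUseDB = true;
$wgServer = "http://wiki.example.org";  // constructed value
$wgContentHandlerUseDB = false;
'''

def parse_version(text):
    """Turn '1.23.6' or '1.22.13-rc.1' into a tuple of three ints."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(text):
    """True when the version falls in a range the advisory lists as vulnerable."""
    v = parse_version(text)
    if v[:2] not in FIXED:
        return False
    fixed = FIXED[v[:2]]
    return fixed is None or v < fixed

def content_handler_use_db(php_source, default=True):
    """Effective $wgContentHandlerUseDB: the last literal assignment wins.
    The default of True is an assumption about MediaWiki's shipped setting."""
    src = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)      # block comments
    src = re.sub(r"(?m)(^|[ \t])(#|//).*$", "", src)            # line comments
    value = default
    for m in re.finditer(r"\$wgContentHandlerUseDB\s*=(?!=)\s*([^;]+);", src):
        value = m.group(1).strip().lower() not in ("false", "0", "null", "''", '""')
    return value

def exposed(version, php_source):
    """Both conditions from the description: affected version and setting enabled."""
    return version_affected(version) and content_handler_use_db(php_source)

if __name__ == "__main__":
    for ver in ("1.21.9", "1.22.13", "1.22.14", "1.23.6", "1.23.7"):
        print(ver, "default config:", exposed(ver, "<?php\n"), "| sample:", exposed(ver, SAMPLE))
```

The parser only understands literal assignments; a value computed at runtime or set in an included file needs manual review.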