Paser24

**Name of the Vulnerable Software and Affected Versions** MediaWiki MobileFrontend extension versions prior to 1.34.4 **Description** The issue exists due to the mishandling of section.line during regex section line replacement from PageGateway. An attacker can exploit this by using crafted HTML to elicit an XSS attack via jQuery's `parseHTML` method. This can cause image callbacks to fire even without the element being appended to the DOM. **Recommendations** For versions prior to 1.34.4, update to version 1.34.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of jQuery's `parseHTML` method until a patch is applied.