Somemwdev

**Name of the Vulnerable Software and Affected Versions** Bucket versions prior to 1.0.0 **Description** The Bucket MediaWiki extension has an issue where infinite recursion can occur when querying a bucket using the `!=` comparator. This can lead to PHP exceeding its call stack limit and increased memory consumption, potentially resulting in a denial of service. **Recommendations** Update to version 1.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** 3DAlloy versions 1.0 through 1.8 **Description** 3DAlloy is a lightWeight 3D-viewer for MediaWiki. The `<3d>` parser tag and the `{{#3d}}` parser function do not sanitize user-provided attributes, allowing arbitrary JavaScript to be inserted and executed when appended to the canvas HTML element. **Recommendations** Update to a version of 3DAlloy newer than 1.8.

**Name of the Vulnerable Software and Affected Versions** Tilesheets MediaWiki Extension (affected versions not specified) **Description** The Tilesheets MediaWiki Extension includes a table lookup parser function that retrieves images based on item requests. A missing backtick in a query executed by the extension allows for the potential insertion and execution of malicious SQL code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** DiscordNotifications extension for MediaWiki (affected versions not specified) **Description:** The DiscordNotifications extension for MediaWiki allows sending requests to arbitrary URLs set via configuration variables `$wgDiscordIncomingWebhookUrl` and `$wgDiscordAdditionalIncomingWebhookUrls`. This can lead to a denial-of-service (DOS) attack by causing the server to read large files. Server-Side Request Forgery (SSRF) is also possible if internal, unprotected APIs are accessible via HTTP POST requests, potentially leading to Remote Code Execution (RCE). **Recommendations:** Update to a version containing commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where page descriptions are inserted into raw HTML without proper sanitization when using the old search bar. This allows any user with page editing privileges to insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. Recommendations: For versions 1.9.4 through 3.4.0, update to version 3.4.0 to resolve the issue. As a temporary workaround, consider disabling the old search bar until a patch is available. Restrict access to page editing privileges to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where short descriptions set via the ShortDescription extension are inserted as raw HTML, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0. Recommendations: For versions 1.9.4 through 3.4.0, update to version 3.4.0 to patch this issue. As a temporary workaround, consider restricting the use of the ShortDescription extension until the update is applied.

Name of the Vulnerable Software and Affected Versions: TabberNeue versions 3.0.0 through 3.1.0 Description: The issue allows any user to insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the `<tabber>` tag, posing a significant security risk to user data. Recommendations: For versions 3.0.0 through 3.1.0, update to version 3.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the `<tabber>` tag until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** Citizen versions prior to 3.3.1 **Description** The issue arises from the insertion of various preferences messages into raw HTML, allowing editors of those messages to insert arbitrary HTML into the DOM. This could potentially lead to malicious activities. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Citizen versions prior to 3.3.1 **Description** The issue affects the Citizen MediaWiki skin, where system messages in menu headings using the Menu.mustache template are inserted as raw HTML. This allows users with the `editinterface` right to insert arbitrary HTML into the DOM, potentially impacting wikis. The estimated number of affected devices and real-world incidents are not specified. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 to resolve the issue. As a temporary workaround, consider restricting the `editinterface` user right to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Citizen versions prior to 3.3.1 **Description** The issue affects the Citizen MediaWiki skin, which integrates extensions into a cohesive experience. It allows users with the `editinterface` right to insert arbitrary HTML into the DOM by editing date messages returned by `Language::userDate`, potentially leading to security issues. This is particularly concerning for wikis where users have the `editinterface` but not the `editsitejs` user right. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 to resolve the issue. As a temporary workaround, consider restricting the `editinterface` user right to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki Citizen Skin versions prior to 3.3.1 **Description** The issue concerns the Citizen MediaWiki skin, which allows extensions to be part of a cohesive experience. Specifically, the `citizen-search-noresults-title` and `citizen-search-noresults-desc` system messages are inserted into raw HTML. This allows anyone who can edit these messages to insert arbitrary HTML into the DOM, potentially leading to HTML injection. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 to resolve the issue. As a temporary workaround, consider restricting access to editing the `citizen-search-noresults-title` and `citizen-search-noresults-desc` system messages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** mediawiki-skins-Citizen versions prior to 3.3.1 **Description** The issue affects MediaWiki skin Citizen, allowing stored XSS in Command Palette tip messages. This occurs because multiple system messages are inserted into the CommandPaletteFooter as raw HTML, enabling anyone who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 to resolve the issue. As a temporary workaround, consider restricting the `editinterface` user right to prevent unauthorized editing of system messages.