Somerandomdeveloper

Name of the Vulnerable Software and Affected Versions Mediawiki - Wikilove Extension versions 1.43.7, 1.44.4, and 1.45.2 Description The Mediawiki - Wikilove Extension contains a flaw due to improper neutralization of alternate XSS syntax, which can lead to Cross-Site Scripting (XSS). Recommendations Update Mediawiki - Wikilove Extension to a version later than 1.45.2.

**Name of the Vulnerable Software and Affected Versions** Wikimedia Foundation MediaWiki - ProofreadPage Extension (affected versions not specified) **Description** A cross-site scripting issue exists in the ProofreadPage Extension. The issue is due to improper neutralization of input during web page generation, allowing for potential cross-site scripting attacks targeting non-script elements. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension (affected versions not specified) Description A cross-site scripting (XSS) issue exists in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension. This allows for XSS attacks. The issue affects non-release branches. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 3.8.7 Description A cross-site scripting (XSS) issue exists in the Mediawiki - Cargo Extension. This allows for XSS attacks targeting non-script elements due to improper input neutralization during web page generation. Recommendations Update Mediawiki - Cargo Extension to version 3.8.7 or later.

Name of the Vulnerable Software and Affected Versions MediaWiki - Cargo Extension versions prior to 3.8.7 Description A Stored Cross-Site Scripting (XSS) issue exists in the MediaWiki - Cargo Extension due to improper neutralization of script-related HTML tags. This allows for the injection of malicious scripts into web pages. Recommendations Update MediaWiki - Cargo Extension to version 3.8.7 or later.

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 3.8.7 Description A stored cross-site scripting (XSS) issue exists in the Mediawiki - Cargo Extension due to improper neutralization of script-related HTML tags. This allows for the execution of malicious scripts within the context of a user's browser. Recommendations Update Mediawiki - Cargo Extension to version 3.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Score Extension (affected versions not specified) **Description** The Mediawiki - Score Extension contains a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the execution of malicious scripts within the context of a user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scribunto versions 1.45.0 through 1.45.1 **Description** A security issue exists in the Wikimedia Foundation Scribunto software. **Recommendations** Update to version 1.45.2.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - ApprovedRevs Extension versions 1.39 through 1.45 **Description** The Mediawiki - ApprovedRevs Extension contains a flaw related to improper encoding or escaping of output due to magic word replacement in ParserAfterTidy. This can lead to input data manipulation by bypassing the inline CSS sanitizer. **Recommendations** Update to a version later than 1.45.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - GrowthExperiments Extension versions 1.39 through 1.45 **Description** The Wikimedia Foundation Mediawiki - GrowthExperiments Extension is susceptible to a Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the execution of malicious scripts within the context of a user's browser. The issue occurs through edit summaries within the GrowthExperiments extension. **Recommendations** Update Mediawiki - GrowthExperiments Extension to a version later than 1.45. Update Mediawiki - GrowthExperiments Extension to a version later than 1.44. Update Mediawiki - GrowthExperiments Extension to a version later than 1.43. Update Mediawiki - GrowthExperiments Extension to a version later than 1.39.

**Name of the Vulnerable Software and Affected Versions** MediaWiki - Monaco Skin versions 1.39 through 1.45 **Description** An issue exists in MediaWiki - Monaco Skin related to improper neutralization of input during web page generation, which can lead to Cross-Site Scripting (XSS). This allows for the potential execution of malicious scripts within the context of a user's browser. **Recommendations** Update to a version later than 1.45.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Wikibase Extension versions 1.39 through 1.45 **Description** The Mediawiki - Wikibase Extension is susceptible to a Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts. The issue occurs through the autocomment system messages within Wikibase. **Recommendations** Update Mediawiki - Wikibase Extension to a version later than 1.45. Update Mediawiki - Wikibase Extension to a version later than 1.44. Update Mediawiki - Wikibase Extension to a version later than 1.43. Update Mediawiki - Wikibase Extension to a version later than 1.39.

**Name of the Vulnerable Software and Affected Versions** MediaWiki - ProofreadPage Extension versions 1.39 through 1.45 **Description** The MediaWiki - ProofreadPage Extension contains a flaw related to improper input neutralization during web page generation, leading to a Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The issue involves a system message and a user-provided parameter. **Recommendations** Update MediaWiki - ProofreadPage Extension to a version later than 1.45. Update MediaWiki - ProofreadPage Extension to a version later than 1.44. Update MediaWiki - ProofreadPage Extension to a version later than 1.43. Update MediaWiki - ProofreadPage Extension to a version later than 1.39.

**Name of the Vulnerable Software and Affected Versions** MediaWiki CookieConsent extension versions 0.1.0 through 1.9.9 **Description** The Wikimedia Foundation MediaWiki CookieConsent extension contains a flaw related to improper input neutralization during web page generation, potentially leading to Cross-Site Scripting (XSS). This issue allows for the execution of malicious scripts within the context of a user's browser. **Recommendations** Update the MediaWiki CookieConsent extension to version 2.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - WikiLambda Extension versions prior to master. **Description** A flaw exists in the Mediawiki - WikiLambda Extension related to improper input neutralization during web page generation, leading to a Stored Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The vulnerability affects the master branch of the extension. **Recommendations** Update to a version of Mediawiki - WikiLambda Extension later than master.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - WikiLove Extension version 1.39 **Description** The Wikimedia Foundation Mediawiki - WikiLove Extension contains a flaw related to improper input handling during web page creation, potentially leading to Stored Cross-site Scripting (XSS). This issue allows for the injection of malicious scripts into web pages. The vulnerability exists due to insufficient sanitization of user-supplied data. **Recommendations** Update Mediawiki - WikiLove Extension to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - PageTriage Extension versions prior to 1.44 **Description** A flaw exists in the Mediawiki - PageTriage Extension that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Mediawiki - PageTriage Extension to version 1.44 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Wikistories versions prior to 1.44 **Description** A flaw exists in Mediawiki - Wikistories related to improper input handling during web page generation, potentially leading to Stored Cross-site Scripting (XSS). This issue could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability affects the Wikistories component of Mediawiki. **Recommendations** Update to a version newer than 1.44.

**Name of the Vulnerable Software and Affected Versions** Wikimedia Foundation Mediawiki - LanguageSelector Extension versions prior to 1.39 **Description** An improper neutralization of special elements in output used by a downstream component ('Injection') issue exists in the Mediawiki - LanguageSelector Extension. This allows for code injection. The issue affects the LanguageSelector Extension. **Recommendations** Update to version 1.39.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - ExternalGuidance versions prior to 1.39 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages viewed by other users. **Recommendations** Update to version 1.39 or later.