PT-2026-2257 · Unknown+1 · Approvedrevs Extension+1
Somerandomdeveloper · Published 2026-01-09 · Updated 2026-01-09 · CVE-2026-22712
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MediaWiki ApprovedRevs extension, versions 1.39 through 1.45
Description
The MediaWiki ApprovedRevs extension improperly encodes or escapes output because it performs magic word replacement in the ParserAfterTidy hook. This allows the inline CSS sanitizer to be bypassed, which can lead to manipulation of input data.
Recommendations
Update to a version later than 1.45.
Exploit
Fix
Improper Encoding or Escaping of Output
Weakness Enumeration
Related Identifiers
Affected Products
Approvedrevs Extension
Mediawiki