CNNVD-202602-185 Information
CNNVD ID
CNNVD-202602-185
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
MediaWiki是美国维基媒体(Wikimedia)基金会的一套自由免费的基于网络的Wiki引擎。该产品可用于部署内部的知识管理和内容管理系统。 MediaWiki 1.39.14之前版本、1.43.4之前版本和1.44.1之前版本存在安全漏洞,该漏洞源于程序文件resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js和resources/src/mediawiki.Page.Preview.Js存在输入中和不当,可能导致跨站脚本攻击。
Description (English)
MediaWiki is a free, free, web-based Wiki engine for the Wikimedia Foundation in the United States. The product can be used for the deployment of internal knowledge management and content management systems. There is a security loophole in previous versions of MediaWiki 1.39.14, before 1.43.4 and before 1.44.1, which stems from the fact that the program documents resources/src/mediawiki.action/mediawiki.action.Edit.Proview.Js and resources/src/mediawiki.Page.Proview.Js have been entered and misled, which may lead to cross-site script attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
维基媒体
Published
2026-02-03
Last Modified
2026-02-24
References
https://phabricator.wikimedia.org/T394856
Patch
https://phabricator.wikimedia.org/T394856
Share on: