CVE-2024-23179 Information
Jan 13, 2024
cve
Description
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.
Reference
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ https://phabricator.wikimedia.org/T347746
Share on: