๐ CVE-2022-34491
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: cvedetails.com
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template system whenever that feed was loaded via the rss document tag. (CVSS:0.0) (Last Update:2022-06-25) ...