Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-34500 - Vulnerability Database
MediaWiki

MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-34500

Medium
Reference: CVE-2024-34500
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-34500
Title: MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6 1.40.x before 1.40.2 and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.