HomeDefault status
unaffected
1.39.x (semver) before 1.39.13
affected
1.42.x (semver) before 1.42.7
affected
1.43.x (semver) before 1.43.2
affected
Description
The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Product status
1.39.x (semver) before 1.39.13
1.42.x (semver) before 1.42.7
1.43.x (semver) before 1.43.2
References
phabricator.wikimedia.org/T394692
gerrit.wikimedia.org/...21b6800ff4d813a33ee9fe9b7ccf070b6b2e