| |
Vulnerability CVE-2022-34491
Published: 2022-06-25
Description: |
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template system whenever that feed was loaded via the rss document tag. |
References: |
https://phabricator.wikimedia.org/T307028
https://gerrit.wikimedia.org/r/q/I2f7827103bdee0ea766b1f5e7040e2a022fcd2f3
|
|
|
Copyright 2024, cxsecurity.com
|
|
|