Vulnerability CVE-2022-34491

Published: 2022-06-25   Modified: 2022-06-26

In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template system whenever that feed was loaded via the rss document tag.


Copyright 2022,


Back to Top