This could potentially be abused by intruders, for instance, to execute code in the users’ browsers or to steal private data.
An issue was discovered in the Extension:Cite extension in MediaWiki through 1.28. The extension does not sanitize the cite attributes of MediaWiki links properly, which will cause the links to be clickable, even though the links do not actually exist on the target page.
An issue was discovered in the Extension:RSS extension in MediaWiki through 1.28. The RSS extension does not check the syntax of the RSS feed urls, which allows for the injection of malicious URLs.
An issue was discovered in the Extension:Cite extension in MediaWiki through 1.28. The extension does not sanitize the cite attributes of MediaWiki links properly, which will cause the links to be clickable, even though the links do not actually exist on the target page.
An issue was discovered in the Extension:RSS extension in MediaWiki through 1.28. The RSS extension does not check the syntax of the RSS feed urls, which allows for the injection of malicious URLs.
An issue was discovered in the Extension:Cite extension in MediaWiki through 1.28. The extension does not sanitize the cite attributes of MediaWiki links properly, which will cause the links to be clickable, even though the links do not actually exist on the target page.
An
MediaWiki Software:
The Good, the Bad, and The Ugly
MediaWiki software is a tool that allows users to create and edit any type of content. It is an open source wiki software (often referred to as Wikipedia) that is often used on Internet projects such as Wikipedia, Wikiversity, Wikibooks, etc.
Not only does MediaWiki allow for free editing for anyone but it also includes hosting services and advanced features such as language packs and extensions.
MediaWiki has many strengths which include its simplicity and ease of use.
It's proven itself to be very reliable with over 300,000 wikis running on it all around the world at last count.
The bad part about MediaWiki is that it can still have some security vulnerabilities which may lead to problems such as data leaks or hacking. For example, in 2011 the Pandora trackemd "was reported hacked by remote attackers" according to WikiUpdates.com.
Timeline
Published on: 09/29/2022 03:15:00 UTC
Last modified on: 09/30/2022 16:42:00 UTC