Mediawiki Campaignevents Extension
Monthly
Improper input neutralization in Mediawiki CampaignEvents Extension versions 1.43.7, 1.44.4, and 1.45.2 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in user browsers via cross-site scripting (XSS). The vulnerability affects web page generation with a CVSS 4.0 base score of 6.9, indicating low confidentiality, integrity, and availability impact across both changed and unchanged security scopes.
Improper input neutralization in Mediawiki CampaignEvents Extension versions 1.43.7, 1.44.4, and 1.45.2 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in user browsers via cross-site scripting (XSS). The vulnerability affects web page generation with a CVSS 4.0 base score of 6.9, indicating low confidentiality, integrity, and availability impact across both changed and unchanged security scopes.