Scribunto
Monthly
Cross-site scripting (XSS) vulnerability in Wikimedia Scribunto 1.45.0 through 1.45.1 allows authenticated users to inject malicious scripts that may be executed in the context of other users' browsers, potentially compromising session security and enabling unauthorized actions on affected wiki installations. The vulnerability requires login credentials and elevated attack complexity but carries low availability impact; CVSS 2.3 reflects limited real-world threat when combined with the authentication requirement.
Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Cross-site scripting (XSS) vulnerability in Wikimedia Scribunto 1.45.0 through 1.45.1 allows authenticated users to inject malicious scripts that may be executed in the context of other users' browsers, potentially compromising session security and enabling unauthorized actions on affected wiki installations. The vulnerability requires login credentials and elevated attack complexity but carries low availability impact; CVSS 2.3 reflects limited real-world threat when combined with the authentication requirement.
Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.