An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-12T00:00:00

Updated: 2024-08-01T22:59:31.836Z

Reserved: 2024-01-12T00:00:00

Link: CVE-2024-23178

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-01-12T06:15:47.337

Modified: 2024-01-18T20:22:07.447

Link: CVE-2024-23178

cve-icon Redhat

No data.