Impact
On Special:WikiDiscover, the Language::date
function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the ->text()
output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability.
Exploiting this on-wiki requires the (editinterface)
right.
Patches
https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb.patch
Workarounds
None
References
https://issue-tracker.miraheze.org/T11814
For more information
If you have any questions or comments about this advisory:
Impact
On Special:WikiDiscover, the
Language::date
function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the->text()
output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability.Exploiting this on-wiki requires the
(editinterface)
right.Patches
https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb.patch
Workarounds
None
References
https://issue-tracker.miraheze.org/T11814
For more information
If you have any questions or comments about this advisory: