[Wikitech-l] Re: MediaWiki Extensions and Skins Security Release Supplement (1.35.11/1.38.7/1.39.4/1.40.0)

3 Jul 2023


      ...
Wikibase

(T339111, CVE-2023-37302) - Style injection into badges on Wikidata due

to unescaped quotes.
...
https://gerrit.wikimedia.org/r/c/933649
https://gerrit.wikimedia.org/r/c/933649
...
https://gerrit.wikimedia.org/r/c/933650
It should be noted that the description of this issue is incorrect. It is
an XSS not just a style injection.
--
bawolff

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

[Wikitech-l] Re: MediaWiki Extensions and Skins Security Release Supplement (1.35.11/1.38.7/1.39.4/1.40.0)