VYPR
Moderate severityNVD Advisory· Published May 5, 2024· Updated Nov 4, 2025

CVE-2024-34500

CVE-2024-34500

Description

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
samwilson/unlinked-wikibasePackagist
< 1.42.01.42.0

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.