VYPR

WikibaseMediaInfo

by MediaWiki

CVEs (2)

  • CVE-2021-46146Jan 7, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

  • CVE-2020-6163Jan 8, 2020
    risk 0.00cvss epss 0.01

    The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).