VYPR

Importdump

by Miraheze

Source repositories

CVEs (2)

  • CVE-2024-47816MedOct 9, 2024
    risk 0.35cvss 6.4epss 0.00

    ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the…

  • CVE-2024-47812MedOct 9, 2024
    risk 0.32cvss 6.0epss 0.00

    ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views…