An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-05T00:00:00

Updated: 2024-08-02T02:51:11.465Z

Reserved: 2024-05-05T00:00:00

Link: CVE-2024-34507

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:11.465Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-05T19:15:07.307

Modified: 2024-11-21T09:18:49.997

Link: CVE-2024-34507

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-05T00:00:00Z

Links: CVE-2024-34507 - Bugzilla