Nixpkgs security tracker
NIXPKGS-2026-0125
GitHub issue
published on
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Action API xslt option allows JavaScript execution by administrators who are not interface administrators
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
References
Affected products
MediaWiki
- <1.39.16, 1.43.6, 1.44.3, 1.45.1
Package maintainers
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@gshipunov Grigory Shipunov <blame@oxapentane.com>
-
@tanneberger Tassilo Tanneberger <revol-xut@protonmail.com>
-
@astro Astro <astro@spaceboyz.net>