ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns
and help
keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface)
right. Users should apply the code changes in commits 886cc6b94
, 2ef0f50880
, and 6942e8b2c
to resolve this vulnerability. There are no known workarounds for this vulnerability.