{
  "id": "CVE-2024-34500",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-05-05T19:15:07.123",
  "lastModified": "2024-06-10T17:16:29.303",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n UnlinkedWikibase en MediaWiki antes de 1.39.6, 1.40.x antes de 1.40.2 y 1.41.x antes de 1.41.1. XSS puede ocurrir a trav\u00e9s de un mensaje de interfaz. Los mensajes de error (en la $err var) no se escapan antes de pasarse a Html::rawElement() en la funci\u00f3n getError() en la clase Hooks."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://phabricator.wikimedia.org/T357203",
      "source": "cve@mitre.org"
    }
  ]
}