Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability allows reflected or stored XSS in the ManageWiki review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session.
Exploit chain:
- The attacker modifies a ManageWiki form field with a malicious value (e.g., a JavaScript payload).
- The attacker then clicks the "Review Changes" button themselves.
- The unescaped value is injected via
.html() into the dialog and executed.
Because the dialog reflects and renders unsanitized input back into the DOM, this can be exploited as a self-XSS. In some cases, if an attacker tricks a privileged user into submitting the value (e.g., via social engineering), it could escalate to stored XSS.
Patches
Has the problem been patched? What versions should users upgrade to?
2f177dc
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
References
Are there any links users can visit to find out more?
Universal-Omega Finder
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability allows reflected or stored XSS in the ManageWiki review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session.
Exploit chain:
.html()into the dialog and executed.Because the dialog reflects and renders unsanitized input back into the DOM, this can be exploited as a self-XSS. In some cases, if an attacker tricks a privileged user into submitting the value (e.g., via social engineering), it could escalate to stored XSS.
Patches
Has the problem been patched? What versions should users upgrade to?
2f177dc
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
References
Are there any links users can visit to find out more?