CVE-2025-10354— Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki

Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki

Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Semantic MediaWiki 跨站脚本漏洞

Semantic MediaWiki是Semantic MediaWiki开源的一个在wiki页面内存储和查询数据的扩展。 Semantic MediaWiki存在跨站脚本漏洞，该漏洞源于/index.php/Speciaal:GefacetteerdZoeken端点参数存在反射型跨站脚本，可能导致攻击者通过恶意URL在受害者浏览器执行JavaScript代码，窃取敏感数据或代表用户执行操作。

N/A

N/A