CVE-2024-47781: Mediawiki Pager Unescaped Formatvalue
Values returned by `formatValue` in MediaWiki Pager classes are directly rendered as raw HTML. Returning unescaped database fields or user input from this method causes Stored Cross-Site Scripting (XSS). Ensure all mapped values are suitably escaped using `htmlspecialchars()`, `$this->escape()`, or constructed via safe structure builders like `Html::element(
greprules fetch cve-2024-47781-mediawiki-pager-unescaped-formatvalue --engine opengrep
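The failure mode and its fix, as an added PHP example that is neither MediaWiki's own code nor part of this rule: a minimal `TablePager` subclass with the vulnerable `formatValue()` shown beside a hardened one. The class name and the table and column names (`example_notes`, `note_id`, `note_author`, `note_text`) are constructed for the illustration; the `use` statements assume a recent MediaWiki release in which `TablePager` lives under `MediaWiki\Pager` and `Html` under `MediaWiki\Html`.

```php
<?php
// Added illustration, not MediaWiki code. Table/column names are constructed.
use MediaWiki\Html\Html;
use MediaWiki\Pager\TablePager;

class ExampleNotesPager extends TablePager {

    // Rows come straight from the database; note_text is user-controlled.
    public function getQueryInfo() {
        return [
            'tables' => [ 'example_notes' ],   // constructed table name
            'fields' => [ 'note_id', 'note_author', 'note_text' ],
            'conds'  => [],
        ];
    }

    public function getFieldNames() {
        return [
            'note_id'     => 'ID',
            'note_author' => 'Author',
            'note_text'   => 'Note',
        ];
    }

    public function getIndexField() {
        return 'note_id';
    }

    public function getDefaultSort() {
        return 'note_id';
    }

    public function isFieldSortable( $field ) {
        return $field === 'note_id';
    }

    // VULNERABLE (what the rule flags): the return value is placed into the
    // table cell as raw HTML, so markup stored in note_text is rendered for
    // every viewer of the page. Kept here only for contrast; it is not wired
    // into the pager because formatValue() below is the method TablePager calls.
    public function formatValueUnsafe( $name, $value ) {
        return $value;
    }

    // HARDENED: every mapped value is escaped before it leaves this method.
    public function formatValue( $name, $value ) {
        switch ( $name ) {
            case 'note_id':
                // Numeric column; the cast guarantees no markup can pass through.
                return (string)(int)$value;

            case 'note_author':
                // Html::element() builds the tag and escapes $value as text content.
                return Html::element( 'span', [ 'class' => 'note-author' ], $value );

            case 'note_text':
            default:
                // Plain escaped text for anything else, including columns added later.
                return htmlspecialchars( (string)$value );
        }
    }
}
```

The `default` arm matters as much as the named cases: a column added to `getQueryInfo()` later is still escaped, whereas a switch that only handles known fields and falls through to `return $value` reintroduces the same defect the rule detects.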