The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
| package | channel | channel version | pkg version | status |
| mediawiki | ||||
| nixos-unstable | ||||
| 2020-12-30 13:40:40 UTC (733e53) | 1.35.0 | vulnerable | ||
| 2020-12-28 03:35:23 UTC (2f4765) | 1.35.0 | vulnerable | ||
| 2020-12-26 19:40:21 UTC (84917a) | 1.35.0 | vulnerable | ||
| 2020-12-25 22:30:40 UTC (be0b45) | 1.35.0 | vulnerable | ||
| 2020-12-24 11:50:43 UTC (57a787) | 1.35.0 | vulnerable | ||
| 2020-12-09 23:30:18 UTC (e9158e) | 1.35.0 | vulnerable | ||
| 2020-12-07 13:45:28 UTC (83cbad) | 1.35.0 | vulnerable | ||
| 2020-12-04 00:20:45 UTC (296793) | 1.35.0 | vulnerable | ||
| 2020-11-30 17:20:38 UTC (24eb3f) | 1.35.0 | vulnerable | ||
| 2020-11-29 23:00:20 UTC (8ee7c2) | 1.35.0 | vulnerable | ||
| 2020-11-29 17:40:30 UTC (11b755) | 1.35.0 | vulnerable | ||
| 2020-11-28 13:10:37 UTC (6f0c00) | 1.35.0 | vulnerable | ||
| 2020-11-24 05:40:24 UTC (2247d8) | 1.35.0 | vulnerable | ||
| 2020-11-21 17:05:25 UTC (a322b3) | 1.35.0 | vulnerable | ||
| 2020-11-21 10:55:23 UTC (662528) | 1.35.0 | vulnerable | ||
| 2020-11-20 00:35:36 UTC (069f18) | 1.35.0 | vulnerable | ||
| 2020-11-15 21:10:35 UTC (2deeb5) | 1.35.0 | vulnerable | ||
| 2020-11-13 02:15:20 UTC (a371c1) | 1.35.0 | vulnerable | ||
| 2020-11-11 00:50:18 UTC (b839d4) | 1.35.0 | vulnerable | ||
| 2020-11-08 14:00:30 UTC (a52e97) | 1.35.0 | vulnerable | ||
| 2020-11-03 18:20:15 UTC (34ad16) | 1.35.0 | vulnerable | ||
| 2020-10-28 04:50:21 UTC (1dc373) | 1.35.0 | vulnerable | ||
| 2020-10-27 00:41:02 UTC (5d0e2d) | 1.35.0 | vulnerable |