Page MenuHomePhabricator
Create Task
Maniphest T310026

most-wanted XSS vulnerability
Closed, ResolvedPublicSecurity
Actions

Description

URL parameters like https://most-wanted.toolforge.org/index.php?hints=0&project=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E can be used to execute arbitrary JS.

Reporting on Phabricator per similar previous reports like T305764.

Details

Risk Rating
Medium
Author Affiliation
Wikimedia Communities

Related Objects

Event Timeline

1234qwer1234qwer4 created this task.Jun 6 2022, 10:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 6 2022, 10:08 PM
1234qwer1234qwer4 assigned this task to Magnus.Jun 6 2022, 10:08 PM
Aklapper added projects: Vuln-XSS, Tools.Jun 7 2022, 6:51 AM
sbassett edited projects, added SecTeam-Processed; removed Security-Team.Jun 13 2022, 4:17 PM
Magnus closed this task as Resolved.Nov 26 2025, 8:02 AM

Fixed.

sbassett triaged this task as Medium priority.Nov 27 2025, 4:20 PM
sbassett changed Author Affiliation from N/A to Wikimedia Communities.
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Medium.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits