gui-ying233 (鬼影233)
Student

Projects

User does not belong to any projects.

User Details

User Since
Aug 4 2025, 8:09 AM (19 w, 2 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
鬼影233 [ Global Accounts ]

Recent Activity

Nov 1 2025

gui-ying233 added a comment to T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.

We need to keep this issue private until the next core mediawiki security release, due out at the end of September 2025. I've subscribed #acl_release_security_pre_announce to this task for external operators to patch early if they so choose. @Reedy, who manages the core mediawiki security releases, can decide if a special supplemental announcement regarding this issue should accompany the core mediawiki security release.

Nov 1 2025, 1:57 PM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team

Aug 13 2025

gui-ying233 added a comment to T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.

Should we also prepare an FAQ similar to the 2021-12 security release/FAQ?

Aug 13 2025, 4:14 PM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team

Aug 5 2025

gui-ying233 updated gui-ying233.
Aug 5 2025, 5:15 PM
gui-ying233 updated gui-ying233.
Aug 5 2025, 5:14 PM
gui-ying233 updated gui-ying233.
Aug 5 2025, 5:13 PM
gui-ying233 added a comment to T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.

Based on Reporting security bugs, do we need a CVE?

Aug 5 2025, 1:25 AM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team

Aug 4 2025

gui-ying233 updated subscribers of T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.

Added some friends who already knew and may be able to help with this vulnerability, since I assumed it was just an extension vulnerability.

Aug 4 2025, 1:31 PM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team
gui-ying233 added a comment to T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.
Aug 4 2025, 10:53 AM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team
gui-ying233 added a comment to T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.

FYI: XSS Filter Evasion Cheat Sheet

Aug 4 2025, 10:04 AM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team
gui-ying233 attached a referenced file: F65709324: QQ_1754300067826.png.
Aug 4 2025, 9:59 AM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team
gui-ying233 added a comment to T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.

Since I was the one who actually discovered this, please reopen this ticket and close the other one.

Aug 4 2025, 9:51 AM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team
gui-ying233 created T401099: CVE-2025-61638: Sanitizer::validateAttributes data-XSS.
Aug 4 2025, 9:39 AM · MW-1.44-release, MW-1.43-release, MW-1.39-release, Content-Transform-Team (Work In Progress), SecTeam-Processed, Vuln-XSS, MediaWiki-Parser, Security, Security-Team