Security Advisory
CVE-2024-23178
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.