websafe-kb/08-threat-intel/registry/advisories/mediawiki--46bf0dec8b.json
2026-03-21 18:18:55 -07:00


{
"canonical_id": "mediawiki--46bf0dec8b",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.13/1.42.7/1.43.2)",
"summary": "Greetings-\n\nWith the security/maintenance release of MediaWiki 1.39.13/1.42.7/1.43.2,\nwe would also like to provide this supplementary announcement of MediaWiki\nextensions and skins with now-public Phabricator tasks, security patches\nand backports [1]:\n\nManageWiki\n+ (\nhttps://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7,\nCVE-2025-32956) - SQL injection vulnerability in NamespaceMigrationJob\nhttps://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9\n\nIPInfo\n+ (T392976 <https://phabricator.wikimedia.org/T392976>, CVE-2025-53481) -\nDenial of service vector on ipinfo/v0/norevision\nhttps://gerrit.wikimedia.org/r/q/I474b7a1b3bc1e7597fee0826a18a0cf042359f0f\n\nIPInfo\n+ (T392976 <https://phabricator.wikimedia.org/T392976>, CVE-2025-53481) -\nDenial of service vector on ipinfo/v0/norevision\nhttps://gerrit.wikimedia.org/r/q/I08a7154f8fa08bb6f0940e522075bdc2a3d4433f\n\nIPInfo\n+ (T394393 <https://phabricator.wikimedia.org/T394393>, CVE-2025-53482) -\nIPInfo: Message key XSS through several IPInfo messages in infobox and popup\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/1146685\n\nIPInfo\n+ (T394393 <https://phabricator.wikimedia.org/T394393>, CVE-2025-53482) -\nIPInfo: Message key XSS through several IPInfo messages in infobox and popup\nhttps://gerrit.wikimedia.org/r/q/Ibb9b7dcb04f551a3da32e9de09a8ac11caa2a3aa\n\nSecurePoll\n+ (T392341 <https://phabricator.wikimedia.org/T392341>, CVE-2025-53483) -\nSecurePoll is vulnerable to XSS, CSRF, and lack of authorisation\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/SecurePoll/+/1149618\n\nSecurePoll\n+ (T392341 <https://phabricator.wikimedia.org/T392341>, CVE-2025-53484) -\nSecurePoll is vulnerable to XSS, CSRF, and lack of authorisation\nhttps://gerrit.wikimedia.org/r/q/I5fb4da635b538b6ef121ae77d9088737fd8bf0de\n\nSecurePoll\n+ (T392341 <https://phabricator.wikimedia.org/T392341>, CVE-2025-53483) -\nSecurePoll is 
vulnerable to XSS, CSRF, and lack of authorisation\nhttps://gerrit.wikimedia.org/r/q/I7a771f81cc72bd5c6242767cf3f5e19fa140accc\n\nSecurePoll\n+ (T392341 <https://phabricator.wikimedia.org/T392341>, CVE-2025-53485) -\nSecurePoll is vulnerable to XSS, CSRF, and lack of authorisation\nhttps://gerrit.wikimedia.org/r/q/Iaaae70289464b8f097ff8d2d6c828ddf942d2d60\n\nSecurePoll\n+ (T392341 <https://phabricator.wikimedia.org/T392341>, CVE-2025-53484) -\nSecurePoll is vulnerable to XSS, CSRF, and lack of authorisation\nhttps://gerrit.wikimedia.org/r/q/Id6e0c8c3020c293460010ef0019bc6c40d43b596\n\nWikiCategoryTagCloud\n+ (T394590 <https://phabricator.wikimedia.org/T394590>, CVE-2025-53486) -\nReflected XSS in WikiCategoryTagCloud\nhttps://gerrit.wikimedia.org/r/q/Idd68cf2372aedd916687d30b1bd09ebb48fcfd17\n\nApprovedRevs\n+ (T394383 <https://phabricator.wikimedia.org/T394383>, CVE-2025-53487) -\nStored XSS through system messages in Extension:ApprovedRevs\nhttps://gerrit.wikimedia.org/r/q/Ifcab085111e7898da485a5e2ae287fee4e6d167b\n\nCheckUser\n+ (T394692 <https://phabricator.wikimedia.org/T394692>, CVE-2025-53478) -\nSpecial:Investigate 'IPs and User agents' tab has i18n XSS vectors\nhttps://gerrit.wikimedia.org/r/q/I3a1e21b6800ff4d813a33ee9fe9b7ccf070b6b2e\n\nCheckUser\n+ (T394693 <https://phabricator.wikimedia.org/T394693>, CVE-2025-53479) -\nSpecial:CheckUser has i18n XSS vectors\nhttps://gerrit.wikimedia.org/r/q/I159e14543912cb3bc7f4a00c3090c0285b154786\n\nCheckUser\n+ (T394700 <https://phabricator.wikimedia.org/T394700>, CVE-2025-53480) -\nSpecial:Investigate 'Account information' tab has i18n XSS vectors\nhttps://gerrit.wikimedia.org/r/q/I777fc55fef15c3b00df0db268af2b64cb2d6e381\n\nMsUpload\n+ (T394864 <https://phabricator.wikimedia.org/T394864>, CVE-2025-7362) -\nStored XSS through a system message in MsUpload\nhttps://gerrit.wikimedia.org/r/q/Icf4c0a5a936926ea887ca2e48c3a7bd297201d9f\n\nTitleIcon\n+ (T394721 <https://phabricator.wikimedia.org/T394721>, CVE-2025-7363) 
-\nXSS in TitleIcon\nhttps://gerrit.wikimedia.org/r/q/I107ab638fecbf52b5bec3f02726ed24b1ae74429\n\nTwoColConflict\n+ (T394938 <https://phabricator.wikimedia.org/T394938>, CVE-2025-53494) -\nStored XSS in TwoColConflict\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/TwoColConflict/+/1150011\n\nMintyDocs\n+ (T395376 <https://phabricator.wikimedia.org/T395376>, CVE-2025-53493) -\nStored XSS in MintyDocs\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/MintyDocs/+/1151800\n\nMintyDocs\n+ (T395737 <https://phabricator.wikimedia.org/T395737>, CVE-2025-53492) -\nStored XSS in MintyDocs\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/MintyDocs/+/1152771\n\nFlaggedRevs\n+ (T394397 <https://phabricator.wikimedia.org/T394397>, CVE-2025-53491) -\nStored XSS in FlaggedRevs\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/FlaggedRevs/+/1165929\n\nCampaignEvents\n+ (T395622 <https://phabricator.wikimedia.org/T395622>, CVE-2025-53490) -\nMultiple XSS in CampaignEvents\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/CampaignEvents/+/1165949\n\nGoogleDocs4MW\n+ (T395949 <https://phabricator.wikimedia.org/T395949>, CVE-2025-53489) -\nXSS in GoogleDocs4MW\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/GoogleDocs4MW/+/1155269\n\nwikihiero\n+ (T396524 <https://phabricator.wikimedia.org/T396524>, CVE-2025-53488) -\nStored XSS in WikiHiero\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/wikihiero/+/1166018\n\nRelatedArticles\n+ (T396413 <https://phabricator.wikimedia.org/T396413>, CVE-2025-53497) -\nStored XSS in RelatedArticles\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/RelatedArticles/+/1166024\n\nMediaSearch\n+ (T396946 <https://phabricator.wikimedia.org/T396946>, CVE-2025-53496) -\nStored XSS in MediaSearch\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/MediaSearch/+/1166030\n\nAbuseFilter\n+ (T396750 <https://phabricator.wikimedia.org/T396750>, CVE-2025-53495) -\nUnauthorized Disclosure of IP Reputation in 
AbuseFilter\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1166040\n\nAbuseFilter\n+ (T397196 <https://phabricator.wikimedia.org/T397196>, CVE-2025-53499) -\nUnauthorized Inspection of Protected Variables in AbuseFilter\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1166045\n\nAbuseFilter\n+ (T397221 <https://phabricator.wikimedia.org/T397221>, CVE-2025-53498) -\nLack of Audit Logging in AbuseFilter\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1166844\n\nFeaturedFeeds\n+ (T392279 <https://phabricator.wikimedia.org/T392279>, CVE-2025-53502) -\nHTML injection in FeaturedFeeds\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/FeaturedFeeds/+/1149742\n\nScribunto\n+ (T397524 <https://phabricator.wikimedia.org/T397524>, CVE-2025-53501) -\nContent Access Bypass in Scribunto\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1164541\n\nMassEditRegex\n+ (T397334 <https://phabricator.wikimedia.org/T397334>, CVE-2025-53500) -\nStored XSS in MassEditRegex\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/MassEditRegex/+/1163878\n\nCentralAuth\n+ (T389010 <https://phabricator.wikimedia.org/T389010>, CVE-2025-6926) -\nSecurity Authentication Bypass in CentralAuth\nhttps://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117\n\nManageWiki\n+ (\nhttps://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr,\nCVE-2025-32964) - ManageWiki Vulnerable To Permission Bypass When Disabling\nExtensions Requiring Certain Permissions In Special:ManageWiki/Extensions\nhttps://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd\n\nManageWiki\n+ (\nhttps://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv,\nCVE-2025-43861) - ManageWiki Vulnerable to Self-XSS in review dialog via\nunsanitized field reflection\nhttps://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab\n\nCitizen\n+ 
(\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-4c2h-67qq-vm87,\nCVE-2025-49575) - Citizen Allows Stored XSS In Command Palette Tip Messages\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4fa69e1d062dca7e407cc0530cf1da3e2baaf0b5\n\nCitizen\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-86xf-2mgp-gv3g,\nCVE-2025-49576) - Citizen Allows Stored XSS In Search No Result Messages\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\n\nCitizen\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jwr7-992g-68mh,\nCVE-2025-49577) - Citizen Allows Stored XSS In Preference Menu Headings\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\n\nCitizen\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h,\nCVE-2025-49578) - Citizen Allows Stored XSS In User Registration Date\nMessage\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb\n\nCitizen\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv,\nCVE-2025-49579) - Citizen Allows Stored XSS In Menu Heading Message\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/54c8717d45ce1594918f11cb9ce5d0ccd8dfee65\n\nTabberNeue\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-jfj7-249r-7j2m,\nCVE-2025-53093) - TabberNeue Vulnerable To Stored XSS Through Wikitext\nhttps://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/4cdf217ef96da74a1503d1dd0bb0ed898fc2a612\n\nShortDescription\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/security/advisories/GHSA-p85q-mww9-gwqf,\nCVE-2025-53369) - Citizen Short Description 
Stored XSS Vulnerability\nThrough Wikitext\nhttps://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/bc4fdbaeb1dff127fb6d08c0d385b64aa128c8f8\n\nCitizen\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-rq6g-6g94-jfr4,\nCVE-2025-53368) - Citizen Is Vulnerable To Stored XSS Attack In The Legacy\nSearch Bar\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/aedbceb3380bb48db6b59e272fc187529c71c8ca\n\nCitizen\n+ (\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-prmv-7r8c-794g,\nCVE-2025-53370) - Citizen Stored XSS Vulnerability Through Short\nDescriptions\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/c85a40bddc8651fff66df83a72debddcb34f0521\n\nUrlShortener\n+ (T394869 <https://phabricator.wikimedia.org/T394869>, CVE-2025-7056) -\nStored XSS in UrlShortener\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/UrlShortener/+/1166268\n\nQuiz\n+ (T394612 <https://phabricator.wikimedia.org/T394612>, CVE-2025-7057) -\nStored XSS in Quiz\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/Quiz/+/1166274\n\nThe Wikimedia Security Team recommends updating these extensions and/or\nskins to the current master branch or relevant, supported release branch\n[2] as soon as possible. Some of the referenced Phabricator tasks above\n_may_ still be private. Unfortunately, when security issues are reported,\nsometimes sensitive information is exposed and since Phabricator is\nhistorical, we cannot make these tasks public without exposing this\nsensitive information. If you have any additional questions or concerns\nregarding this update, please feel free to contact security\uff20wikimedia.org\nor file a security task within Phabricator [3].\n\n[1] https://phabricator.wikimedia.org/T389312\n[2] https://www.mediawiki.org/wiki/Version_lifecycle\n[3] https://www.mediawiki.org/wiki/Reporting_security_bugs",
"published_at": "Wed, 09 Jul 2025 16:53:41 +0000",
"updated_at": "Wed, 09 Jul 2025 16:53:41 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/B757OC4UOPKOO4EYXNPUKQY2BS4CQE2E/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/B757OC4UOPKOO4EYXNPUKQY2BS4CQE2E/"
],
"affected_version_refs": [],
"fixed_version_refs": [],
"patched_version_refs": [],
"version_sync_confidence": "low",
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--46bf0dec8b--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--46bf0dec8b--workflow"
}
}