GitHub_MCVELIST:CVE-2024-25109CVE-2024-25109 Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
26.5%
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface) right. Users should apply the code changes in commits 886cc6b94, 2ef0f50880, and 6942e8b2c to resolve this vulnerability. There are no known workarounds for this vulnerability.
CNA Affected
[
{
"vendor": "miraheze",
"product": "ManageWiki",
"versions": [
{
"version": "< 6942e8b2c01dc33c2c41a471f91ef3f6ca726073",
"status": "affected"
}
]
}
]References
github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5
github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073
github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0
github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84
issue-tracker.miraheze.org/T11812
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
26.5%