MediaWiki is vulnerable to cross-site scripting (XSS). The attack is possible because it allows the creation of a page that does not correspond to any user, e.g. User:Foo/bar.js. Subsequently, an attacker will be able to create an account User:Foo and create a malicious script bar.js, which causes the malicious code within the script to be executed when the user loads the page with importScript( 'User:Foo/bar.js' );.
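One way to audit for the condition described above, as an added example that is not MediaWiki's own code: scan a user's script for importScript() calls and flag those that load a subpage of a User: page whose root account is not registered. The function names, the sample script and the account list are constructed for illustration, and the code assumes the canonical English "User" namespace name and that the list of registered accounts is obtained separately.

```javascript
// Added example (not MediaWiki code). All names here are hypothetical.

// Normalize a MediaWiki username: underscores are spaces and the first
// letter is upper case, so "some_user" and "Some user" are the same account.
function normalizeUser(name) {
  const s = name.replace(/_/g, ' ').trim().replace(/ +/g, ' ');
  return s.charAt(0).toUpperCase() + s.slice(1);
}

// Return every importScript() call in `source` whose target is a subpage of
// a User: page. The match is textual, so commented-out calls are reported too.
function userScriptImports(source) {
  const re = /importScript\(\s*(['"])\s*user\s*:\s*([^'"\/]+)\/([^'"]+?)\s*\1\s*\)/gi;
  const hits = [];
  for (const m of source.matchAll(re)) {
    hits.push({ owner: normalizeUser(m[2]), subpage: m[3], call: m[0] });
  }
  return hits;
}

// Flag imports whose owning account is absent from `registered`. These are
// the User:Foo/bar.js case: the page exists, but nobody owns the account yet.
function findUnownedImports(source, registered) {
  const known = new Set(registered.map(normalizeUser));
  return userScriptImports(source).filter((h) => !known.has(h.owner));
}

// Constructed sample: a user's common.js and a constructed account list.
const SAMPLE_COMMON_JS = [
  "importScript( 'User:Foo/bar.js' );",
  "importScript('User:Alice/tools.js');",
  'importScript("user:some_gadget_author/lib.js");',
  "importScript('MediaWiki:Helper.js');",
].join('\n');
const SAMPLE_REGISTERED = ['Alice', 'Some gadget author'];

for (const hit of findUnownedImports(SAMPLE_COMMON_JS, SAMPLE_REGISTERED)) {
  console.log(`import from unregistered account "${hit.owner}": ${hit.call}`);
}
```
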
github.com/wikimedia/mediawiki/commit/0be838ed6a2954b98a6b66ba7bacbf91fcb06579
github.com/wikimedia/mediawiki/commit/35023d616fb75a4c3b7a58f04b16d22e81a7403b
github.com/wikimedia/mediawiki/commit/50c42768cb12d906259c43aeb0b0cdfd06e5ddec
lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
phabricator.wikimedia.org/T207603