Ashley

**Name of the Vulnerable Software and Affected Versions** Mediawiki - SocialProfile Extension versions 1.39.X through 1.39.11 Mediawiki - SocialProfile Extension versions 1.41.X through 1.41.3 Mediawiki - SocialProfile Extension versions 1.42.X through 1.42.2 **Description** The issue allows exposure of sensitive information to an unauthorized actor, enabling functionality misuse. **Recommendations** For versions 1.39.X through 1.39.11, update to a version after 1.39.11. For versions 1.41.X through 1.41.3, update to a version after 1.41.3. For versions 1.42.X through 1.42.2, update to a version after 1.42.2.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.42.1 and earlier **Description** An issue was discovered in the Foreground skin for MediaWiki. There is stored XSS via MediaWiki: `Sidebar` top-level menu entries. **Recommendations** For MediaWiki versions 1.42.1 and earlier, consider disabling the Foreground skin until a patch is available. Restrict access to the `Sidebar` top-level menu entries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.42.1 **Description** An issue was discovered in the Nimbus skin for MediaWiki. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries. **Recommendations** For versions through 1.42.1, consider disabling the Nimbus skin until a patch is available. Restrict access to the MediaWiki:Nimbus-sidebar menu and submenu entries to minimize the risk of exploitation. Avoid using the Nimbus skin for MediaWiki until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArticleRatings extension for MediaWiki versions through 1.42.1 **Description** An issue was discovered in the ArticleRatings extension for MediaWiki, where Special:ChangeRating allows CSRF to alter data via a GET request. This issue enables Cross-Site Request Forgery (CSRF) attacks, which can modify data without the user's consent. **Recommendations** For versions through 1.42.1, consider disabling the Special:ChangeRating feature until a patch is available to prevent CSRF attacks. Restrict access to this feature to minimize the risk of exploitation. Avoid using GET requests to alter data in the affected extension until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.42.1 **Description** An issue was discovered in the Tempo skin for MediaWiki. There is stored XSS via MediaWiki:Sidebar top-level menu entries. **Recommendations** For versions through 1.42.1, consider disabling the Tempo skin until a patch is available. Restrict access to the MediaWiki:Sidebar top-level menu entries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWikiChat extension for MediaWiki versions through 1.42.1 **Description** An issue was discovered in the MediaWikiChat extension for MediaWiki, where CSRF can occur in API modules. **Recommendations** For MediaWikiChat extension for MediaWiki versions through 1.42.1, consider disabling access to API modules until a patch is available. As a temporary workaround, restrict access to the MediaWikiChat extension to minimize the risk of exploitation. Avoid using the MediaWikiChat extension until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki Metrolook skin versions through 1.42.1 **Description** An issue was discovered in the Metrolook skin for MediaWiki, where there is stored XSS via MediaWiki:Sidebar top-level menu entries. **Recommendations** For versions through 1.42.1, consider disabling the `MediaWiki:Sidebar` top-level menu entries as a temporary workaround until a patch is available. Restrict access to the `MediaWiki:Sidebar` to minimize the risk of exploitation. Avoid using the `MediaWiki:Sidebar` in the affected MediaWiki instances until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.42.1 **Description** An issue was discovered in the GuMaxDD skin for MediaWiki. There is stored XSS via MediaWiki:Sidebar top-level menu entries. **Recommendations** For versions through 1.42.1, consider disabling the GuMaxDD skin until a patch is available. Restrict access to the MediaWiki:Sidebar top-level menu entries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.40.2 WatchAnalytics extension in MediaWiki (affected versions not specified) **Description** An issue in the WatchAnalytics extension allows for XSS to occur via the Special:PageStatistics page parameter. This can enable a remote attacker to perform cross-site scripting attacks. **Recommendations** For MediaWiki versions prior to 1.40.2, update to version 1.40.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Special:PageStatistics page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki SportsTeams extension versions prior to 1.35.12 MediaWiki SportsTeams extension versions 1.36.x through 1.39.x before 1.39.5 MediaWiki SportsTeams extension versions 1.40.x before 1.40.1 **Description** An issue was discovered in the SportsTeams extension for MediaWiki. The `Special:SportsManagerLogo` and `Special:SportsTeamsManagerLogo` pages do not check for the `sportsteamsmanager` user right, allowing an attacker to affect pages concerned with sports teams. This is related to a lack of permission checks. **Recommendations** For MediaWiki SportsTeams extension versions prior to 1.35.12, update to version 1.35.12 or later. For MediaWiki SportsTeams extension versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For MediaWiki SportsTeams extension versions 1.40.x before 1.40.1, update to version 1.40.1 or later. As a temporary workaround, consider restricting access to the `Special:SportsManagerLogo` and `Special:SportsTeamsManagerLogo` pages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki SportsTeams extension versions 1.35.x through 1.35.11 MediaWiki SportsTeams extension versions 1.36.x through 1.39.4 MediaWiki SportsTeams extension versions 1.40.x through 1.40.0 **Description** An issue was discovered in the SportsTeams extension for MediaWiki. It does not check for the anti-CSRF edit token in "Special:SportsTeamsManager" and "Special:UpdateFavoriteTeams". This could allow a remote attacker to impact the integrity of protected information. **Recommendations** For MediaWiki SportsTeams extension versions 1.35.x through 1.35.11, update to version 1.35.12 or later. For MediaWiki SportsTeams extension versions 1.36.x through 1.39.4, update to version 1.39.5 or later. For MediaWiki SportsTeams extension versions 1.40.x through 1.40.0, update to version 1.40.1 or later. As a temporary workaround, consider disabling access to "Special:SportsTeamsManager" and "Special:UpdateFavoriteTeams" until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FanBoxes extension for MediaWiki versions through 1.37.2 **Description** The issue allows for Special:UserBoxes CSRF. **Recommendations** For FanBoxes extension for MediaWiki versions through 1.37.2, update to a version after 027ffb0b9d6fe0d823810cf03f5b562a212162d4 to resolve the issue. As a temporary workaround, consider restricting access to the Special:UserBoxes page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki Nimbus skin versions through 1.37.2 **Description** The issue allows XSS in Advertise link messages. **Recommendations** For MediaWiki Nimbus skin versions through 1.37.2, update to a version after 6f9c8fb868345701d9544a54d9752515aace39df to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MediaWiki QuizGame extension versions through 1.37.2 **Description** The admin API module in the QuizGame extension for MediaWiki omits a check for the `quizadmin` user. **Recommendations** For MediaWiki QuizGame extension versions through 1.37.2, update to a version that includes the fix, specifically after commit 665e33a68f6fa1167df99c0aa18ed0157cdf9f66.

**Name of the Vulnerable Software and Affected Versions** MediaWiki Private Domains extension versions through 1.37.2 **Description** The issue allows for Cross-Site Request Forgery (CSRF) attacks, enabling an attacker to edit pages that store the extension's configuration. This can be achieved by triggering a POST request to the "Special:PrivateDomains" endpoint. **Recommendations** For MediaWiki Private Domains extension versions through 1.37.2, update to a version that includes the fix, specifically after the commit 1ad65d4c1c199b375ea80988d99ab51ae068f766. As a temporary workaround, consider restricting access to the "Special:PrivateDomains" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 SocialProfile extension in MediaWiki versions through 1.36 Description: An XSS issue was discovered in the SocialProfile extension within MediaWiki. A privileged user with the `awardmanage` right could inject arbitrary HTML and JavaScript within various gift-related data fields in several special pages. This could easily propagate across many pages for many users. Recommendations: For MediaWiki versions through 1.36, update to a version that includes a fix for this issue. For the SocialProfile extension in MediaWiki versions through 1.36, consider disabling the extension until a patch is available. Restrict access to gift-related special pages to minimize the risk of exploitation. Avoid using the `awardmanage` right for users who do not need it, to reduce the potential for arbitrary HTML and JavaScript injection.

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: A cross-site scripting (XSS) issue was discovered in the SportsTeams extension. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. Recommendations: For MediaWiki versions through 1.36, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.1 PushToWatch extension for MediaWiki versions through 1.35.1 **Description** An issue was discovered in the PushToWatch extension for MediaWiki. The primary form did not implement an anti-CSRF token, making it vulnerable to CSRF attacks against `onSkinAddFooterLinks` in `PushToWatch.php`. **Recommendations** For MediaWiki versions through 1.35.1, consider implementing an anti-CSRF token in the primary form to prevent CSRF attacks. For the PushToWatch extension, restrict access to `onSkinAddFooterLinks` in `PushToWatch.php` until a patch is available. As a temporary workaround, consider disabling the `onSkinAddFooterLinks` function in `PushToWatch.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki PollNY extension versions through 1.35 **Description** The issue allows for XSS via an answer option for a poll question. This can be entered during `Special:CreatePoll` or `Special:UpdatePoll`. **Recommendations** For MediaWiki PollNY extension versions through 1.35, update to a version that fixes the XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki extension RandomGameUnit versions through 1.35 **Description** The issue concerns the RandomGameUnit extension for MediaWiki, where certain title-related data was not properly escaped. This allowed for the manipulation of game names or titles to generate stored XSS within the extension when specific types of games were created. **Recommendations** For versions through 1.35, consider disabling the RandomGameUnit extension until a proper fix is available to prevent potential stored XSS attacks. Restrict access to game creation features to minimize the risk of exploitation.