PT-2023-10626 · Unknown · Daschtour Matomo-Mediawiki-Extension
Published: 2023-02-05 · Updated: 2024-05-17 · CVE-2017-20175
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DaSchTour matomo-mediawiki-extension versions up to 2.4.2
Description
A vulnerability has been found in the DaSchTour matomo-mediawiki-extension, affecting an unknown part of the file Piwik.hooks.php in the Username Handler component. Manipulation of this component leads to cross-site scripting (XSS). The attack can be initiated remotely. The complexity of an attack is rather high, and exploitability is reported to be difficult. The exploit has been disclosed to the public and may be used.
Recommendations
Upgrading to version 2.4.3 addresses this issue, and upgrading the affected component is recommended. As a temporary workaround, consider restricting access to the vulnerable Username Handler component until the patch is applied.
Exploit
Fix
XSS
Affected Products
Daschtour Matomo-Mediawiki-Extension