PT-2024-20753 · Mediawiki · Managewiki

Agentisai +1 · Published 2024-02-09 · Updated 2024-09-05 · CVE-2024-25109

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
ManageWiki (affected versions not specified)

Description
ManageWiki is a MediaWiki extension that allows users to manage wikis. Special:ManageWiki does not properly escape the interface messages used for the columns and help keys of the form descriptor. An attacker can exploit this oversight to launch a cross-site scripting attack. To exploit the vulnerability on-wiki, the attacker needs the (editinterface) right.

Recommendations
To resolve this vulnerability, apply the code changes in commits 886cc6b94, 2ef0f50880, and 6942e8b2c. As a temporary workaround, consider restricting access to the Special:ManageWiki page until the code changes are applied. Avoid using the columns and help keys on the form descriptor in the affected ManageWiki extension until the issue is resolved.
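
The class of bug described above, shown as an added, self-contained example; it is not ManageWiki's code and not the content of the listed commits. The message keys, the helpers `rawMessage()`, `escapedMessage()`, `buildDescriptor()` and the simplified `renderField()` are hypothetical stand-ins for an interface-message lookup and a form renderer that emits the `columns` and `help` values as HTML.

```php
<?php
// Constructed sample: interface messages as an (editinterface) holder could set them.
const MESSAGES = [
    'example-column-header' => 'Settings <script>alert(1)</script>',
    'example-field-help'    => 'Pick a value <img src=x onerror=alert(1)>',
];

// Hypothetical lookup that returns the message text exactly as stored.
function rawMessage(string $key): string {
    return MESSAGES[$key] ?? "<$key>";
}

// Same lookup, HTML-escaped before it reaches any markup context.
function escapedMessage(string $key): string {
    return htmlspecialchars(rawMessage($key), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds a form descriptor whose 'columns' header and 'help' text come from messages.
function buildDescriptor(callable $msg): array {
    return [
        'columns' => [ $msg('example-column-header') => 'column-1' ],
        'help'    => $msg('example-field-help'),
    ];
}

// Simplified renderer (assumption): treats both descriptor values as ready-made HTML,
// so escaping has to happen when the descriptor is built.
function renderField(array $descriptor): string {
    $html = '<table><tr>';
    foreach (array_keys($descriptor['columns']) as $header) {
        $html .= "<th>$header</th>";
    }
    return $html . '</tr></table><div class="help">' . $descriptor['help'] . '</div>';
}

// True when message-supplied tags survive as live markup in the output.
function hasActiveMarkup(string $html): bool {
    return preg_match('/<(script|img)\b/i', $html) === 1;
}

$before = renderField(buildDescriptor('rawMessage'));     // unescaped: tags reach the page
$after  = renderField(buildDescriptor('escapedMessage')); // escaped: tags shown as text

var_dump(hasActiveMarkup($before), hasActiveMarkup($after));
echo $after, PHP_EOL;
```

A check like `hasActiveMarkup()` over rendered form output can serve as a regression test after the fix is applied.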

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-25109
GHSA-4JR2-JHFM-2R84

Affected Products

Managewiki