PT-2024-2679 · Mediawiki · Watchanalytics Extension

Ashley · Published 2024-01-12 · Updated 2025-06-19 · CVE-2024-23177

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.40.2
WatchAnalytics extension in MediaWiki (affected versions not specified)

Description
An issue in the WatchAnalytics extension allows for XSS to occur via the Special:PageStatistics page parameter. This can enable a remote attacker to perform cross-site scripting attacks.

Recommendations
For MediaWiki versions prior to 1.40.2, update to version 1.40.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Special:PageStatistics page until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5905
BDU:2024-02788
BIT-MEDIAWIKI-2024-23177
CVE-2024-23177

Affected Products

Alt Linux
Mediawiki
Red Os
Watchanalytics Extension