PT-2024-28936 · Unknown · Metrolook Skin
Ashley · Published 2024-07-06 · Updated 2025-06-19 · CVE-2024-40600
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MediaWiki Metrolook skin versions through 1.42.1
Description
An issue was discovered in the Metrolook skin for MediaWiki, where there is stored XSS via MediaWiki:Sidebar top-level menu entries.
Recommendations
For versions through 1.42.1, consider disabling the MediaWiki:Sidebar top-level menu entries as a temporary workaround until a patch is available.
Restrict access to the MediaWiki:Sidebar to minimize the risk of exploitation.
Avoid using the MediaWiki:Sidebar in the affected MediaWiki instances until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki
Metrolook Skin