PT-2024-32814 · Unknown · Wikidiscover
Universal-Omega · Published 2024-10-07 · Updated 2024-11-14 · CVE-2024-47782
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: WikiDiscover (affected versions not specified)
Description: WikiDiscover is a MediaWiki extension that lists the wikis on a CreateWiki-managed farm. Its special page, Special:WikiDiscover, renders every wiki's name and description without HTML-escaping them, so a wiki whose name or description contains an XSS payload executes that payload in the browser of anyone who views the listing. This is a stored XSS: the payload lives in the farm's wiki metadata, so anyone who can set a wiki's name or description can attack every visitor of Special:WikiDiscover, which matches the low-privilege (PR:L), no-interaction (UI:N) vector above. No estimate of the number of affected installations is given, and no real-world exploitation has been reported.
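The following is an added illustration of the bug class described above, written as a stand-alone PHP script rather than taken from WikiDiscover's or CreateWiki's code. It renders a constructed wiki list the unescaped way and the escaped way, then parses each row the way a browser would to count live script elements and on* handler attributes. The record layout (`dbname`, `sitename`, `description`) and the helper names are assumptions for this example.

```php
<?php
// Added illustration for CVE-2024-47782; not WikiDiscover's or CreateWiki's own code.
// Plain PHP so it runs with `php` alone, without a MediaWiki install.

// Constructed wiki records, shaped like what a CreateWiki-managed farm might return.
// The second record is hostile: both fields carry an XSS payload.
$wikis = [
    [
        'dbname'      => 'examplewiki',
        'sitename'    => 'Example Wiki',
        'description' => 'A wiki about examples',
    ],
    [
        'dbname'      => 'hostilewiki',
        'sitename'    => 'Hostile<script>alert(document.domain)</script>',
        'description' => '"><img src=x onerror="alert(document.cookie)">',
    ],
];

// Vulnerable pattern: untrusted strings are interpolated straight into the HTML row.
// Any '<', '>' or quote in the name or description becomes live markup.
function renderRowVulnerable( array $wiki ): string {
    return "<tr><td>{$wiki['sitename']}</td><td>{$wiki['description']}</td></tr>";
}

// Hardened pattern: every untrusted string is escaped for an HTML text context.
// ENT_QUOTES escapes both quote styles (needed if the value ever lands in an attribute);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
// Inside MediaWiki the equivalent is Html::element(), which escapes its $contents
// argument, rather than Html::rawElement() or string concatenation.
function esc( string $s ): string {
    return htmlspecialchars( $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

function renderRowFixed( array $wiki ): string {
    return '<tr><td>' . esc( $wiki['sitename'] ) . '</td><td>' . esc( $wiki['description'] ) . '</td></tr>';
}

// Check: parse the fragment as a browser would and count <script> elements and
// on* event-handler attributes. A correctly escaped row yields 0.
function countActiveContent( string $fragment ): int {
    $doc = new DOMDocument();
    libxml_use_internal_errors( true ); // the hostile fragment is malformed on purpose; ignore parser warnings
    $doc->loadHTML( '<!DOCTYPE html><html><body><table>' . $fragment . '</table></body></html>' );
    libxml_clear_errors();

    $count = $doc->getElementsByTagName( 'script' )->length;
    foreach ( $doc->getElementsByTagName( '*' ) as $el ) {
        foreach ( $el->attributes as $attr ) {
            if ( stripos( $attr->name, 'on' ) === 0 ) {
                $count++;
            }
        }
    }
    return $count;
}

foreach ( $wikis as $wiki ) {
    $vuln  = renderRowVulnerable( $wiki );
    $fixed = renderRowFixed( $wiki );
    printf( "%-12s vulnerable row: %d active node(s); escaped row: %d\n",
        $wiki['dbname'], countActiveContent( $vuln ), countActiveContent( $fixed ) );
    echo "  escaped markup: $fixed\n";
}
```

Escaping at output time, as above, is the correct fix for this class of bug; filtering the payload out of wiki names and descriptions on input is not, because the stored values are also legitimate data (a description may contain a literal `<` or `"`) and other consumers of the metadata may render it in different contexts.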
Recommendations: For all versions of WikiDiscover, apply the patch in commit 2ce846dd93, which escapes the wiki names and descriptions before output. If you cannot upgrade immediately, block access to Special:WikiDiscover as a temporary workaround. Note that the workaround only hides the listing: payloads already stored in wiki names or descriptions remain in the farm's metadata and will render again if the page is re-enabled without the patch, so review those fields before re-enabling it.
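One way to apply the workaround inside MediaWiki itself, as an added example that is not from the advisory or the WikiDiscover project: replace the special page with MediaWiki core's disabled-page stub from LocalSettings.php. That the `DisabledSpecialPage::getCallback()` helper is available in the deployed MediaWiki release, and that a LocalSettings.php entry takes precedence over the extension's own registration, are assumptions here; confirm the page really is disabled by requesting it after the change.

```php
<?php
// LocalSettings.php fragment: added illustration of the advisory's workaround,
// not code from the WikiDiscover project. Assumes MediaWiki core's
// DisabledSpecialPage helper (it shows its default "disabled" message when no
// message key is passed).
wfLoadExtension( 'WikiDiscover' );

// Replace the extension's special page with a stub that shows an error instead
// of rendering the listing. Doing this in MediaWiki rather than in the web
// server also covers localized aliases of the page and requests of the form
// index.php?title=Special:WikiDiscover, which a URL-path rule would miss.
$wgSpecialPages['WikiDiscover'] = DisabledSpecialPage::getCallback( 'WikiDiscover' );
```

A web-server rule on the `/wiki/Special:WikiDiscover` path is a weaker substitute for the same reason: MediaWiki resolves special pages by canonical name and by per-language aliases, and accepts the title as a query parameter, so a path match alone does not close every route to the page.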

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-47782
GHSA-WF48-RQX3-39MF

Affected Products

Wikidiscover