PT-2024-32845 · Mediawiki · Mediawiki
R4356Th
Published: 2024-10-04
Updated: 2024-10-16
CVE-2024-47840
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Mediawiki - Apex skin versions 1.39.X through 1.39.8
Mediawiki - Apex skin versions 1.41.X through 1.41.2
Mediawiki - Apex skin versions 1.42.X through 1.42.1
Description
The issue is an Improper Neutralization of Input During Web Page Generation weakness, also known as Cross-site Scripting (XSS). It allows stored XSS: an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page.
Recommendations
For Mediawiki - Apex skin versions 1.39.X through 1.39.8, update to version 1.39.9 or later.
For Mediawiki - Apex skin versions 1.41.X through 1.41.2, update to version 1.41.3 or later.
For Mediawiki - Apex skin versions 1.42.X through 1.42.1, update to version 1.42.2 or later.
Affected Products
Mediawiki