PT-2024-32847 · Mediawiki · Mediawiki Css Extension

Bawolff +1 · Published 2024-10-04 · Updated 2024-10-23 · CVE-2024-47845

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mediawiki - CSS Extension versions 1.39.X through 1.39.8
Mediawiki - CSS Extension versions 1.41.X through 1.41.2
Mediawiki - CSS Extension versions 1.42.X through 1.42.1

Description

The issue is related to improper encoding or escaping of output, which allows code injection. This is a Code Injection Vulnerability in the Mediawiki CSS Extension.

Recommendations

For versions 1.39.X through 1.39.8, update to version 1.39.9 or later.
For versions 1.41.X through 1.41.2, update to version 1.41.3 or later.
For versions 1.42.X through 1.42.1, update to version 1.42.2 or later.

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2024-47845

Affected Products

Mediawiki Css Extension