PT-2024-32849 · Cargo+1 · Cargo+1

Blankeclair

Published

2024-10-04

Updated

2024-10-16

CVE-2024-47847

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo versions 3.6.X through 3.6.0

Description The issue affects Mediawiki - Cargo, allowing Cross-Site Scripting (XSS). This is due to an Improper Neutralization of Input During Web Page Generation vulnerability.

Recommendations For versions 3.6.X through 3.6.0, update to version 3.6.1 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-47847

GHSA-JQVM-9XM2-GC38

Affected Products

Cargo

Mediawiki

PT-2024-32849 · Cargo+1 · Cargo+1

CVE-2024-47847

Weakness Enumeration

Related Identifiers

Affected Products

References · 15