Unrated severityNVD Advisory· Published Feb 9, 2024· Updated Aug 1, 2024
Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki
CVE-2024-25109
Description
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface) right. Users should apply the code changes in commits 886cc6b94, 2ef0f50880, and 6942e8b2c to resolve this vulnerability. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- miraheze/ManageWikiv5Range: < 6942e8b2c01dc33c2c41a471f91ef3f6ca726073
Patches
Vulnerability mechanics
References
5- github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5mitrex_refsource_MISC
- github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073mitrex_refsource_MISC
- github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0mitrex_refsource_MISC
- github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84mitrex_refsource_CONFIRM
- issue-tracker.miraheze.org/T11812mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.