Unrated severity · NVD Advisory · Published Jun 3, 2024 · Updated Aug 2, 2024
Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
CVE-2024-36123
Description
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The contents of the page MediaWiki:Tagline are used unescaped, so custom HTML (including JavaScript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.
Affected products
- Range: < 2.16.0
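A triage check for the condition described above, as an added example that is not part of the advisory or the Citizen project: it compares an installed skin version against the 2.16.0 fix and reports whether a MediaWiki:Tagline text contains HTML elements or event-handler attributes. The function names and sample taglines are constructed for illustration; how the version and the message text are obtained is left to the operator.

```python
import re
from html.parser import HTMLParser

FIXED = (2, 16, 0)  # first fixed Citizen release, per the advisory

# Constructed sample values, not taken from any real wiki.
CLEAN_TAGLINE = "From the community wiki"
MARKUP_TAGLINE = '<b onclick="return false">From the community wiki</b>'


def parse_version(text):
    """'v2.9.1' -> (2, 9, 1); numeric tuples avoid string-order mistakes."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    if not nums:
        raise ValueError(f"no version number in {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(skin_version):
    return parse_version(skin_version) < FIXED


class _MarkupFinder(HTMLParser):
    """Records the elements and on* attributes an HTML parser would see."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def tagline_markup(tagline):
    finder = _MarkupFinder()
    finder.feed(tagline)
    finder.close()
    return finder.tags, finder.handlers


def triage(skin_version, tagline):
    """Classify one wiki from its skin version and MediaWiki:Tagline text."""
    tags, _ = tagline_markup(tagline)
    if not is_affected(skin_version):
        return "patched"
    return "affected-markup-present" if tags else "affected-clean"


if __name__ == "__main__":
    print(triage("2.15.3", MARKUP_TAGLINE), tagline_markup(MARKUP_TAGLINE))
```

An "affected-markup-present" result means the tagline should be reviewed alongside the edit history of MediaWiki:Tagline, since only accounts able to edit the MediaWiki namespace can change it.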
References
- github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php (mitre, x_refsource_MISC)
- github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9 (mitre, x_refsource_MISC)
- github.com/StarCitizenTools/mediawiki-skins-Citizen/releases (mitre, x_refsource_MISC)
- github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9 (mitre, x_refsource_CONFIRM)