VYPR
Unrated severityNVD Advisory· Published Jun 3, 2024· Updated Aug 2, 2024

Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

CVE-2024-36123

Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.