Moderate severityNVD Advisory· Published Oct 5, 2024· Updated Oct 7, 2024

Various XSSes found in Cargo

CVE-2024-47847

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mediawiki/cargoPackagist	< 3.6.1	3.6.1

Affected products

ghsa-coords
pkg:composer/mediawiki/cargo
Range: < 3.6.1
Wikimedia Foundation/Mediawikicpe-rescue
Range: 3.6.x

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-jqvm-9xm2-gc38ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-47847ghsaADVISORY
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063804ghsaWEB
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063806ghsaWEB
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063827ghsaWEB
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063831ghsaWEB
phabricator.wikimedia.org/T368628ghsaWEB
phabricator.wikimedia.org/T372211ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000