Code Injection Vulnerability in Mediawiki - CSS Extension
CVE-2024-47845

8.2HIGH

Key Information:

Vendor

The Wikimedia Foundation

Status
Mediawiki - Css Extension
Vendor
CVE Published:
5 October 2024

What is CVE-2024-47845?

A vulnerability has been identified in the Mediawiki - CSS Extension, which arises from improper encoding or escaping of output. This security flaw could allow an attacker to inject malicious code into web applications utilizing the affected extension. Versions of the Mediawiki CSS Extension prior to 1.39.9, 1.41.3, and 1.42.2 are vulnerable, posing significant risks to application integrity and overall user security. It is crucial for organizations using these versions to apply the necessary updates and safeguards to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mediawiki - CSS Extension 1.39.x < 1.39.9

Mediawiki - CSS Extension 1.41.x < 1.41.3

Mediawiki - CSS Extension 1.42.x < 1.42.2

References

https://phabricator.wikimedia.org/T368628
https://phabricator.wikimedia.org/T368594
https://gerrit.wikimedia.org/r/q/I6f38f4a8fc1dcd690ab27b8...

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

BlankEclair
Bawolff
JSON
.