Lucene search

K
cve[email protected]CVE-2024-36123
HistoryJun 03, 2024 - 3:15 p.m.

CVE-2024-36123

2024-06-0315:15:08
CWE-79
web.nvd.nist.gov
42
nvd
security vulnerability
cve-2024-36123

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.

Affected configurations

Vulners
Node
starcitizentoolsmediawiki_skins_citizenRange<2.16.0

CNA Affected

[
  {
    "vendor": "StarCitizenTools",
    "product": "mediawiki-skins-Citizen",
    "versions": [
      {
        "version": "< 2.16.0",
        "status": "affected"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

Related for CVE-2024-36123