Lucene search

K
cvelistGitHub_MCVELIST:CVE-2024-36123
HistoryJun 03, 2024 - 2:17 p.m.

CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

2024-06-0314:17:08
CWE-79
GitHub_M
www.cve.org
cve-2024-36123
mediawiki
tagline
stored
cross-site scripting
vulnerability
citizen
2.16.0
fix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0

Percentile

15.5%

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.

CNA Affected

[
  {
    "vendor": "StarCitizenTools",
    "product": "mediawiki-skins-Citizen",
    "versions": [
      {
        "version": "< 2.16.0",
        "status": "affected"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0

Percentile

15.5%

Related for CVELIST:CVE-2024-36123