Ubuntu.comUB:CVE-2024-36123CVE-2024-36123
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%
Citizen is a MediaWiki skin that makes extensions part of the cohesive
experience. The page MediaWiki:Tagline has its contents used unescaped,
so custom HTML (including Javascript) can be injected by someone with the
ability to edit the MediaWiki namespace (typically those with the
editinterface permission, or sysops). This vulnerability is fixed in
2.16.0.
References
github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L190-L195
github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L197-L201
github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9
github.com/StarCitizenTools/mediawiki-skins-Citizen/releases
github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9
launchpad.net/bugs/cve/CVE-2024-36123
nvd.nist.gov/vuln/detail/CVE-2024-36123
security-tracker.debian.org/tracker/CVE-2024-36123
www.cve.org/CVERecord?id=CVE-2024-36123
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%