Veracode Vulnerability DatabaseVERACODE:46893

HistoryMay 14, 2024 - 8:10 a.m.

Cross-site Scripting (XSS)

2024-05-1408:10:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mediawiki

cross-site scripting

commentparser

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

MediaWiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to mishandling of the 0x1b character in includes/CommentFormatter/CommentParser.php, as demonstrated by Special:RecentChanges#%1b0000000.

CPENameOperatorVersion
mediawiki:sideq1:1.35.0-1
mediawiki:sideq1:1.35.0-1

CPE	Name	Operator	Version
	mediawiki:sid	eq	1:1.35.0-1
	mediawiki:sid	eq	1:1.35.0-1

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

phabricator.wikimedia.org/T355538

security-tracker.debian.org/tracker/CVE-2024-34507