CVE-2024-34507

2024-05-0500:00:00

mitre

github.com

cve-2024-34507

mediawiki

xss

commentparser.php

1.39.7

1.40.x

1.40.3

1.41.x

1.41.1

special:recentchanges

AI Score

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mediawiki",
    "product": "mediawiki",
    "versions": [
      {
        "status": "affected",
        "version": "-"
      }
    ],
    "defaultStatus": "unknown"
  }
]