Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
A flaw was found in MediaWiki. A remote attacker with high privileges could exploit an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting or XSS) vulnerability. This flaw allows the injection of malicious scripts into web pages, which can lead to information disclosure or session hijacking.
Report
The vulnerability in MediaWiki allows for stored Cross-site Scripting (XSS) through system messages. Exploitation requires high privileges, limiting the attack surface to trusted administrators or users with elevated permissions. Red Hat products utilizing MediaWiki are affected if configured to allow untrusted content from highly privileged users.
Mitigation
To mitigate this issue, restrict network access to the MediaWiki server to trusted networks only, utilizing firewall rules to prevent unauthorized access to the web application. Additionally, ensure that administrative privileges for MediaWiki are granted only to highly trusted personnel, as the vulnerability requires high privileges for script injection.
Additional information
Status:
EPSS
CVSS3: 4.6 Medium