Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.
This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
A flaw was found in MediaWiki. An Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), vulnerability exists in the ApiSandboxLayout.Js program file. This flaw could potentially allow an attacker with high privileges to inject malicious scripts into web pages. While the direct impact is not specified, XSS vulnerabilities typically enable client-side attacks.
Report
This vulnerability in MediaWiki allows for stored cross-site scripting (XSS) through a system message in the Special:ApiSandbox feature. An attacker with appropriate privileges to store system messages could inject malicious scripts, potentially leading to arbitrary code execution within a user's browser session. This impact is relevant to Red Hat customers deploying MediaWiki, particularly where untrusted users have permissions to modify system messages.
Mitigation
To mitigate this issue, restrict the ability to modify system messages within MediaWiki to only trusted and authorized administrators. This operational control limits the attack surface by preventing unauthorized users from injecting malicious scripts into system messages that are processed by the Special:ApiSandbox feature. Consult MediaWiki documentation for specific instructions on managing user permissions related to interface message editing.
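One way to check a deployment against this mitigation, as an added example that is not part of the advisory or of MediaWiki itself: the script reads a siteinfo API response, compares the reported version with the affected range stated above, and lists groups holding MediaWiki's `editinterface` right (the right that allows editing system messages) that are not on a trusted list. The sample response, the `helpers` group and the `TRUSTED_GROUPS` allowlist are constructed assumptions.

```python
import json
import re

# Constructed sample of a siteinfo response (not from a real wiki), shaped like
# api.php?action=query&meta=siteinfo&siprop=general|usergroups&format=json
SAMPLE_SITEINFO = json.loads("""
{"query": {
  "general": {"generator": "MediaWiki 1.44.2"},
  "usergroups": [
    {"name": "*", "rights": ["read", "createaccount"]},
    {"name": "user", "rights": ["read", "edit"]},
    {"name": "sysop", "rights": ["block", "delete", "editinterface"]},
    {"name": "interface-admin", "rights": ["editinterface", "editsitejs"]},
    {"name": "helpers", "rights": ["editinterface"]}
  ]}}
""")

# Assumption: groups this wiki's operators consider trusted administrators.
TRUSTED_GROUPS = {"sysop", "interface-admin"}


def parse_version(generator):
    """Extract (major, minor, patch) from a string like 'MediaWiki 1.44.2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", generator)
    if not m:
        raise ValueError(f"unrecognised generator string: {generator!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """Range as read from the advisory: before 1.44.3, and 1.45.x before 1.45.1."""
    if version < (1, 44, 3):
        return True
    return (1, 45, 0) <= version < (1, 45, 1)


def untrusted_message_editors(siteinfo, trusted=TRUSTED_GROUPS):
    """Return groups holding 'editinterface' that are not on the trusted list."""
    groups = siteinfo["query"]["usergroups"]
    return sorted(g["name"] for g in groups
                  if "editinterface" in g.get("rights", []) and g["name"] not in trusted)


def audit(siteinfo):
    """Combine the version check and the permission check into one report."""
    version = parse_version(siteinfo["query"]["general"]["generator"])
    return {"version": version, "affected": is_affected(version),
            "review_groups": untrusted_message_editors(siteinfo)}


if __name__ == "__main__":
    print(audit(SAMPLE_SITEINFO))
```

Any group returned in `review_groups` can modify system messages and should be reviewed until the wiki runs a fixed release.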
Additional information
Status:
CVSS3: 4.8 Medium