Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js.
This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.
A flaw was found in MediaWiki. This cross-site scripting (XSS) vulnerability occurs due to improper neutralization of input during web page generation within the resources/src/mediawiki.Page.Preview.Js program file. A remote attacker with high privileges could exploit this flaw to inject malicious scripts into web pages, potentially leading to information disclosure or other client-side attacks.
Report
This vulnerability in MediaWiki is a theoretical cross-site scripting (XSS) flaw that could occur when a page has multiple protection levels. Exploitation requires high privileges within the MediaWiki environment. While MediaWiki is available in Red Hat's Community Projects (e.g., Fedora), the practical impact is limited due to the specific conditions and privilege requirements for exploitation.
Mitigation
To reduce the attack surface, restrict network access to the MediaWiki instance to trusted networks or users. Deploying a web application firewall (WAF) can help filter and sanitize input, thereby mitigating potential cross-site scripting (XSS) attacks. Ensure that any changes to network configurations or firewall rules are thoroughly tested to avoid disrupting legitimate access to the MediaWiki service.
Additional information
Status:
3.7 Low
CVSS3
Related vulnerabilities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.
3.7 Low
CVSS3