CVE-2024-25109

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25109
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25109.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25109
Related
  • GHSA-4jr2-jhfm-2r84
Published
2024-02-09T23:15:10Z
Modified
2025-01-14T19:46:51Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface) right. Users should apply the code changes in commits 886cc6b94, 2ef0f50880, and 6942e8b2c to resolve this vulnerability. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/miraheze/managewiki

Affected ranges

Type
GIT
Repo
https://github.com/miraheze/managewiki
Events