CVE-2024-36123

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36123
Related
Published
2024-06-03T15:15:08Z
Modified
2025-01-15T05:14:13.646061Z
Summary
[none]
Details

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.

References

Affected packages

Git / github.com/starcitizentools/mediawiki-skins-citizen

Affected ranges

Type
GIT
Repo
https://github.com/starcitizentools/mediawiki-skins-citizen
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4a43280242f33e54643087da4a7f40970d2640c9
Fixed
4a43280242f33e54643087da4a7f40970d2640c9

Affected versions

v1.*

v1.10.0
v1.13.0
v1.14.0
v1.14.1
v1.15.0
v1.16.0
v1.16.1
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.9.4
v1.9.5

v2.*

v2.0.0
v2.0.0-alpha.0
v2.0.0-alpha.1
v2.0.0-alpha.2
v2.0.0-beta.0
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.1
v2.1.0
v2.10.0
v2.10.1
v2.11.0
v2.11.1
v2.12.0
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.14.0
v2.14.1
v2.15.0
v2.15.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.9.0
v2.9.1