logo

Database

Reflected cross-site scripting (XSS) In mediawiki/cargo

Description

MediaWiki Cargo Extension Cross-site Scripting vulnerability An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-231732. NVD-2024-231733. OSV-2024-231734. GCVE-2024-23173

References

1. https://github.com/wikimedia/mediawiki-extensions-Cargo/commit/e4f0b7fb11da0e4b18f2c416101965e417ba3bd22. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/9652143. https://phabricator.wikimedia.org/T348687

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-AFKMP – Vulnerability | Fluid Attacks Database