logo

Database

Reflected cross-site scripting (XSS) In mediawiki/cargo

Description

Mediawiki Cargo extension vulnerable to Cross-site Scripting Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-478472. NVD-2024-478473. OSV-2024-478474. GCVE-2024-47847

References

1. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/10638042. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/10638063. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/10638274. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/10638315. https://phabricator.wikimedia.org/T3686286. https://phabricator.wikimedia.org/T372211

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.