CVE-2024-25109 Information
Description
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the columns and help keys of the form descriptor. An attacker may exploit this as a cross-site scripting (XSS) attack vector. Exploiting this on-wiki requires the (editinterface) right. Users should apply the code changes in commits 886cc6b94, 2ef0f50880, and 6942e8b2c to resolve this vulnerability. There are no known workarounds for this vulnerability.
Reference
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84
https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5
https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073
https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0
https://issue-tracker.miraheze.org/T11812