Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0.

INFO

Published Date :

2024-06-03T14:17:08.664Z

Last Modified :

2024-08-02T03:30:13.034Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36123 vulnerability.

Vendors Products
Starcitizen.tools
  • Citizen
Starcitizentools
  • Mediawiki-skins-citizen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36123.

URL Resource
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L190-L195 cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L197-L201 cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9 cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact