CVE-2024-47847: Mediawiki Cargo extension vulnerable to Cross-site Scripting

October 5, 2024 (updated October 7, 2024)

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

References

gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063804
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063806
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063827
gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063831
github.com/advisories/GHSA-jqvm-9xm2-gc38
github.com/wikimedia/mediawiki-extensions-Cargo
nvd.nist.gov/vuln/detail/CVE-2024-47847
phabricator.wikimedia.org/T368628
phabricator.wikimedia.org/T372211

Code Behaviors & Features

Detect and mitigate CVE-2024-47847 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →