CVE-2024-23172
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-23172 is a vulnerability affecting the CheckUser extension in MediaWiki versions before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. This issue allows for Cross-Site Scripting (XSS) attacks through message definitions, specifically in the SpecialCheckUserLog feature. Attackers can exploit this vulnerability to inject malicious scripts into unsuspecting users' browsers, potentially stealing sensitive information or taking control of their accounts. MediaWiki users are strongly encouraged to update their extensions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Mediawiki
Affected Vendors
- Mediawiki