CVSS 3.1 Score 6.1 of 10 (medium)


Published Jan 12, 2024
Updated: Jan 18, 2024


CVE-2024-23173 is a vulnerability found in the Cargo extension in MediaWiki versions before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The vulnerability allows for cross-site scripting (XSS) attacks through the Special:Drilldown page when certain parameters are used, such as artist, album, and position filters in drilldown/CargoAppliedFilter.php. This vulnerability affects a wide range of products including Xz2hff, Xz2hfe, Xz2hf_, and others listed in the "affected_products" section of the CVE description. To remediate this vulnerability, users should update their MediaWiki installations to versions 1.35.14, 1.39.6, or 1.40.2 or newer to mitigate the risk of XSS attacks exploiting this issue.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23173 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options