CVE-2024-25107

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 8, 2024
Updated: Feb 15, 2024
CWE ID 79

Summary

CVE-2024-25107 is a vulnerability found in the WikiDiscover extension used with CreateWiki managed farms. This vulnerability allows for cross-site scripting (XSS) attacks when displaying wikis on the Special:WikiDiscover page. The issue arises from the unescaped interface message returned by the Language::date function, which is not properly escaped later in the output. Exploiting this vulnerability requires the editinterface right. The vulnerability has been addressed in commit 267e763a0, and users are advised to update their installations to mitigate the risk. There are no known workarounds for this vulnerability, and its impact score is rated as medium, with low integrity and confidentiality impacts. The exploitability score is 2.8, and it requires user interaction over a network.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25107 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options