Home > Vulnerability Database > CVE-2024-36123

Mend.io Vulnerability Database

CVE-2024-36123

Date: June 3, 2024

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page "MediaWiki:Tagline" has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the "editinterface" permission, or sysops). This vulnerability is fixed in 2.16.0.

Language: PHP

Severity Score

6.5

Related Resources (7)

Url: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L190-L195

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-36123

Url: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L197-L201

Url: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9

Url: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9

Url: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases

Url: https://www.mend.io/vulnerability-database/CVE-2024-36123

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-36123

Date: June 3, 2024

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?