CVE-2024-40604

Summary

CVE-2024-40604 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Nimbus skin for MediaWiki versions up to 1.42.1. An attacker can exploit this issue by injecting malicious scripts into MediaWiki:Nimbus-sidebar menu and submenu entries. Successful exploitation allows the attacker to execute arbitrary scripts in the context of the victim's browser when they view the affected page. This could lead to unauthorized access, data theft, or other malicious activities. It is crucial for MediaWiki users to apply the necessary patches or updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.