CVE-2024-47812
CVSS 3.1 Score 6.0 of 10 (medium)
Details
Summary
CVE-2024-47812 affects the ImportDump extension for MediaWiki, which facilitates automated user import requests. The vulnerability allows users with high-level privileges, such as administrators, to inject cross-site scripting (XSS) payloads into messages displayed on the Special:RequestImportQueue page. This can potentially compromise user sessions and expose sensitive data to attackers. To mitigate the risk, users should apply the patch found in commit d054b95, or alternatively restrict access to the Special:RequestImportQueue page entirely. Failure to address this vulnerability could lead to significant integrity impacts within an organization’s MediaWiki implementation.