CVE-2024-47815
CVSS 3.1 Score 6.0 of 10 (medium)
Details
Summary
CVE-2024-47815 identifies multiple Cross-site Scripting (XSS) vulnerabilities in the IncidentReporting extension for MediaWiki, all of which require elevated permissions to exploit. The accounts involved are those with the editincidents right, interface message editors, and those capable of editing LocalSettings.php. The vulnerabilities are fixed in commit 43896a4, and users are strongly advised to upgrade. Those unable to upgrade should restrict access to the Special:IncidentReports page. Left unremediated, these vulnerabilities could have a high integrity impact within an organization, although their overall threat level is considered medium because of the high privileges required for exploitation.