Wikimedia MediaWiki SecurePoll Extension Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the SecurePoll extension of MediaWiki, specifically in the master branch. This issue arises from improper handling of input in system messages, which are inserted as raw HTML, allowing malicious scripts to be executed when the message is viewed.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the poll.
Reproduction
To reproduce this vulnerability, set the configuration variable 'wgUseXssLanguage' to true. Create a poll and navigate to the translation import source page for that poll, using a language that triggers the XSS payload. Click the import button to execute the injected script.
Remediation
The vulnerability has been addressed in a patch that modifies how system messages are handled, ensuring that they are properly sanitized before being displayed. This patch is available in the official MediaWiki Gerrit repository.