Wikimedia Foundation MediaWiki Tabs Extension Code Injection Vulnerability
Vulnerability
A code injection vulnerability has been identified in the Wikimedia Foundation MediaWiki Tabs Extension, affecting versions 1.39 through 1.43. This vulnerability arises from improper input validation, which allows for unauthorized code execution.
Impact
Exploitation of this vulnerability leads to code injection, allowing attackers to execute arbitrary code within the application.
Reproduction
The vulnerability can be reproduced by crafting a tab or a tab container with specific styles or message contents that bypass the extension's input validation. This can include injecting CSS that exploits the way the extension handles tab rendering.
Remediation
Users can update to MediaWiki Tabs Extension versions 1.39.12, 1.42.6, or 1.43.1, where this vulnerability has been patched.
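A version-triage check built from the affected range and fixed releases listed above. This is an added example, not code from the advisory or from the MediaWiki project; it assumes versions are reported as MAJOR.MINOR.PATCH strings with an optional pre-release suffix, and the host names, labels and inventory are constructed. Treating in-range branches without a listed fix, pre-release builds of a fixed patch, and unparseable strings as needing action is a conservative assumption of this example.

```python
import re

# Values taken from the advisory text: affected range and fixed releases.
AFFECTED_BRANCHES = ((1, 39), (1, 43))            # inclusive (major, minor) range
FIXED_PATCH = {(1, 39): 12, (1, 42): 6, (1, 43): 1}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?([-+~].*)?\s*$")

def classify(version):
    """Return a triage label for one reported version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unknown"                          # never treat unparseable as safe
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    # Assumption: "-rc.0", "-alpha", "~beta" mark a build older than the release.
    prerelease = bool(m.group(4)) and m.group(4)[0] in "-~"
    low, high = AFFECTED_BRANCHES
    if not (low <= branch <= high):
        return "outside-advisory-range"           # the advisory makes no claim here
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return "vulnerable-no-fix-listed"         # e.g. 1.40.x, 1.41.x
    if patch > fixed or (patch == fixed and not prerelease):
        return "patched"
    return "vulnerable"

def needs_action(inventory):
    """Map host -> label for every entry that is not confirmed patched."""
    result = {}
    for host, version in sorted(inventory.items()):
        label = classify(version)
        if label not in ("patched", "outside-advisory-range"):
            result[host] = label
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "wiki-a": "1.39.11",
    "wiki-b": "1.39.12",
    "wiki-c": "1.41.3",
    "wiki-d": "1.43.1-rc.0",
    "wiki-e": "1.43.1",
    "wiki-f": "unknown build",
}

if __name__ == "__main__":
    for host, label in needs_action(SAMPLE_INVENTORY).items():
        print(f"{host}: {label}")
```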
