ManageWiki Reflected and Stored Cross-Site Scripting Vulnerability in Review Dialog

Vulnerability

A cross-site scripting (XSS) vulnerability, exploitable as either reflected or stored XSS, has been identified in the ManageWiki extension for MediaWiki prior to commit 2f177dc. The issue is in the review dialog: a logged-in attacker can place a malicious payload in a form field, and when the same user then opens the 'Review Changes' dialog, the injected payload is executed within that user's session context. The vulnerability was fixed in commit 2f177dc.
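The pattern behind this class of bug, as an added illustration that is not ManageWiki's own code: a review dialog that builds its markup from form-field values, first concatenating them raw and then escaping them. The field names, dialog layout and the `containsRawTag` check are constructed for this example; MediaWiki's `mw.html.escape()` performs the same escaping as the local `escapeHtml` helper.

```javascript
// Added example (not ManageWiki's code): rendering pending changes into a
// "Review Changes" dialog, vulnerable form beside the hardened form.

// Minimal HTML escaping; MediaWiki's mw.html.escape() does the same job.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the edited field value is concatenated straight into
// the dialog's markup, so any tag in the value becomes live HTML.
function renderReviewRowVulnerable(field, oldValue, newValue) {
  return `<tr><td>${field}</td><td>${oldValue}</td><td>${newValue}</td></tr>`;
}

// Hardened pattern: every untrusted value is escaped before it reaches HTML.
function renderReviewRowSafe(field, oldValue, newValue) {
  return `<tr><td>${escapeHtml(field)}</td><td>${escapeHtml(oldValue)}</td>` +
         `<td>${escapeHtml(newValue)}</td></tr>`;
}

// Build the whole dialog body from a list of pending changes using the
// supplied row renderer.
function renderReviewDialog(changes, renderRow) {
  const rows = changes.map((c) => renderRow(c.field, c.oldValue, c.newValue));
  return '<table>' + rows.join('') + '</table>';
}

// Defender-side check (constructed for this example): does the produced
// markup still contain a raw script tag or inline event handler?
function containsRawTag(html) {
  return /<script\b|\bon\w+\s*=/i.test(html);
}

// Constructed sample input: one pending change whose new value carries markup.
const SAMPLE_CHANGES = [
  { field: 'wgSitename', oldValue: 'Example Wiki',
    newValue: 'Example Wiki <script>/* constructed */</script>' },
  { field: 'wgLanguageCode', oldValue: 'en', newValue: 'de' },
];
```

Rendering `SAMPLE_CHANGES` with `renderReviewRowVulnerable` yields markup that `containsRawTag` flags, while `renderReviewRowSafe` produces `&lt;script&gt;` text that the browser displays instead of executing.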

Impact

Exploitation of this vulnerability allows reflected or stored cross-site scripting in the ManageWiki review dialog. The injected script is executed in the context of the victim's session. Where a privileged user is tricked into submitting the malicious payload, this escalates to stored XSS in that privileged user's session.

Reproduction

To reproduce this vulnerability, a logged-in user modifies a ManageWiki form field to include a malicious payload, such as a JavaScript snippet. After injecting the payload, the user opens the 'Review Changes' dialog, where the payload is executed in their session context. The vulnerability can also be exploited by convincing a privileged user to inject the payload, leading to stored XSS.

Remediation

Users should upgrade to a ManageWiki build that includes commit 2f177dc or later, where this vulnerability is patched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          1.7
exploitability:  4.4
remediation:     7.7
relevance:       0.0
threat:          6.4
urgency:         2.9
incentive:       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.