Mediawiki-CheckUser
cpe:2.3:a:mediawiki:checkuser:*:*:*:*:mediawiki:*:*
- >= 1.39, < 1.39.13
- >= 1.42, < 1.42.7
- >= 1.43, < 1.43.2
A reflected cross-site scripting vulnerability has been identified in the CheckUser extension of MediaWiki, specifically on the Special:Investigate page within the Account Information tab. This issue arises because certain internationalized messages are not properly escaped, allowing attackers to inject malicious scripts. The vulnerability can be exploited by appending '?uselang=x-xss' to the URL, which triggers the reflection of the injected script when the message keys are rendered. This vulnerability affects CheckUser extension versions 1.39.X prior to 1.39.13, 1.42.X prior to 1.42.7, and 1.43.X prior to 1.43.2.
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
To reproduce this vulnerability, navigate to the Special:Investigate page of the CheckUser extension. In the Account Information tab, append '?uselang=x-xss' to the URL. This triggers the reflected cross-site scripting vulnerability: the injected script executes and shows a popup alert.
Users can update to CheckUser extension versions 1.39.13, 1.42.7, or 1.43.2 to address this vulnerability.
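The following regression check is an added example, not CheckUser's or MediaWiki's code. It models in Python how a test language that turns every message into markup exposes which message keys a page inserts without escaping. The message keys, the `x-marker` element and the `render_tab` function are hypothetical stand-ins.

```python
import html
from html.parser import HTMLParser

MARKER_TAG = "x-marker"  # constructed, harmless marker element


def marker_message(key):
    """Stand-in for a test language: every key resolves to markup naming the key."""
    return f'<{MARKER_TAG} data-msg="{html.escape(key)}"></{MARKER_TAG}>'


def render_tab(msg, escape_heading):
    """Hypothetical tab renderer; escape_heading=False models the unescaped message."""
    heading = msg("example-tab-heading")
    if escape_heading:
        heading = html.escape(heading)
    label = html.escape(msg("example-column-label"))  # this one is always escaped
    return f"<h2>{heading}</h2><table><tr><th>{label}</th></tr></table>"


class MarkerFinder(HTMLParser):
    """Records message keys whose marker reached the page as a real element."""

    def __init__(self):
        super().__init__()
        self.leaked = set()

    def handle_starttag(self, tag, attrs):
        if tag == MARKER_TAG:
            self.leaked.add(dict(attrs).get("data-msg"))


def unescaped_keys(rendered_html):
    """Return the message keys that were inserted into the HTML without escaping."""
    finder = MarkerFinder()
    finder.feed(rendered_html)
    finder.close()
    return sorted(finder.leaked)


if __name__ == "__main__":
    print("before fix:", unescaped_keys(render_tab(marker_message, False)))
    print("after fix: ", unescaped_keys(render_tab(marker_message, True)))
```

An escaped message arrives as text (`&lt;x-marker ...`), so the parser never sees an element for it and the key is not reported.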