Wikimedia Foundation MediaWiki RelatedArticles Extension Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Wikimedia Foundation MediaWiki RelatedArticles Extension, affecting the 1.43.X release line prior to 1.43.2. Any user who can control a page's description can inject arbitrary HTML and JavaScript into the DOM of every page on which that article is shown as a related article; the injected script runs whenever such a page is viewed. The root cause is the RelatedArticles extension's handling of descriptions sourced from TextExtracts (page excerpts), Wikidata (item descriptions), and the Description2 extension (page descriptions): the description text is inserted into the related-article card without being HTML-escaped, so markup placed in any of these sources is rendered as active content rather than as text.

Impact

Exploitation of this vulnerability allows stored cross-site scripting: the payload persists in wiki content (or in the linked Wikidata item) and is executed in the browser of every user who views an affected page, in the context of that user's session on the wiki's origin. No interaction beyond viewing the page is required.

Reproduction

To reproduce this vulnerability, enable the RelatedArticles extension and set the description source (the RelatedArticlesDescriptionSource setting) to 'textextracts', 'wikidata', or 'pagedescription'; the last of these requires the Description2 extension. Create a page whose description, as produced by the chosen source, contains an HTML/JavaScript payload, then make that page appear as a related article of a second page (for example through the extension's {{#related:...}} parser function). When the second page is viewed, the related-article card is rendered with the unescaped description and the injected script executes, demonstrating the stored cross-site scripting.
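The following is an added illustration of the bug class described above, not code from the RelatedArticles extension or the advisory: a related-article card is built from a description that arrives with stored markup, once by concatenating the description straight into the markup (the vulnerable pattern) and once with every untrusted field HTML-escaped (the hardened pattern). The card markup, the page object, the escaper (equivalent in intent to MediaWiki's mw.html.escape()) and the crafted description are all assumptions constructed for the example; a small checker then reports whether a rendered fragment still contains foreign tags or event-handler attributes.

```javascript
'use strict';

// Constructed sample: a page description as an attacker could store it through
// any of the three sources (a TextExtracts excerpt, a Wikidata description or
// a Description2 page description). The <img> has no valid src, so its onerror
// handler fires as soon as the card is inserted into the DOM.
const CRAFTED_DESCRIPTION =
  'Harmless lead text <img src=x onerror="alert(document.cookie)"> more text';

// Escaper with the same intent as mw.html.escape(): every character that can
// open a tag, terminate an attribute value or start an entity is replaced, so
// the escaped string can only ever be rendered as text.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;',
  })[c]);
}

// Vulnerable pattern (hypothetical reconstruction of the bug class, not the
// extension's own code): title and URL are escaped, but the description is
// concatenated as-is. Handing this string to innerHTML turns stored markup
// into live elements, including their event handlers.
function renderCardVulnerable(page) {
  return '<a class="related-card" href="' + escapeHtml(page.url) + '">' +
    '<h3>' + escapeHtml(page.title) + '</h3>' +
    '<p class="description">' + page.description + '</p>' +
    '</a>';
}

// Hardened pattern: the description is escaped like every other untrusted
// field, so the same input shows up as visible text in the card.
function renderCardSafe(page) {
  return '<a class="related-card" href="' + escapeHtml(page.url) + '">' +
    '<h3>' + escapeHtml(page.title) + '</h3>' +
    '<p class="description">' + escapeHtml(page.description) + '</p>' +
    '</a>';
}

// Checker: true if the fragment contains any tag other than the card's own
// <a>, <h3> and <p>, or any on* event-handler attribute on any tag.
function containsActiveContent(html) {
  const allowed = /^<\/?(a|h3|p)\b/;
  const tags = html.match(/<[^>]+>/g) || [];
  return tags.some((t) => !allowed.test(t) || /\son[a-z]+\s*=/i.test(t));
}

// Constructed page object standing in for what the extension receives from
// its description source.
const page = {
  title: 'Example article',
  url: '/wiki/Example_article',
  description: CRAFTED_DESCRIPTION,
};

console.log('vulnerable card carries active content:',
  containsActiveContent(renderCardVulnerable(page)));
console.log('hardened card carries active content:  ',
  containsActiveContent(renderCardSafe(page)));
```

The checker is deliberately narrow (it only knows the card's own three tags) and is meant to show the difference between the two render paths on one input, not to serve as a general sanitizer; the fix is the escaping at the sink, which makes the checker's question moot for the hardened output.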

Remediation

Update the RelatedArticles Extension to version 1.43.2 or later, where this vulnerability has been addressed. Changing the configured description source is not a workaround, since all three sources (TextExtracts, Wikidata and Description2) are affected; until the update is applied, treat every description source that untrusted users can edit as a stored XSS channel.

Added: Jul 7, 2025, 5:25 PM
Updated: Jul 7, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          1.7
exploitability  6.3
remediation     0.0
relevance       0.2
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.