3DAlloy Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the 3DAlloy extension for MediaWiki, affecting versions 1.0 through 1.8. The vulnerability arises because the <3d> parser tag and the {{#3d}} parser function allow users to insert custom attributes that are directly appended to the canvas HTML element without any sanitization. This lack of input validation enables the injection and execution of arbitrary JavaScript.
Impact
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript, which could lead to various consequences such as privilege escalation, denial-of-service, or information leaks.
Reproduction
To reproduce this vulnerability, create a wiki page containing a <3d> tag with an unsanitized attribute, such as 'onmouseenter' with a JavaScript alert command. Additionally, use the {{#3d}} parser function with similar unsanitized attributes. Hovering over the 3D viewer will trigger the injected JavaScript, demonstrating the cross-site scripting vulnerability.
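The pattern described under Vulnerability and Reproduction, next to a hardened form, as an added example. This is not the 3DAlloy source code: the function names, the attribute allowlist and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration, NOT code from the 3DAlloy extension.
// Function names, the allowlist and the sample input are assumptions.

// Vulnerable pattern: every user-supplied attribute is appended verbatim,
// so an event-handler attribute ends up on the rendered canvas element.
function renderCanvasUnsafe(array $userAttrs): string {
    $html = '<canvas';
    foreach ($userAttrs as $name => $value) {
        $html .= " $name=\"$value\"";
    }
    return $html . '></canvas>';
}

// Hardened pattern: allowlist attribute names, validate each value against
// a per-attribute pattern, and HTML-escape whatever is emitted.
const ALLOWED_ATTRS = [
    'width'  => '/^\d{1,4}$/D',
    'height' => '/^\d{1,4}$/D',
    'class'  => '/^[A-Za-z0-9_ -]{1,64}$/D',
];

function renderCanvasSafe(array $userAttrs): string {
    $clean = [];
    foreach ($userAttrs as $name => $value) {
        $name = strtolower(trim((string)$name));
        $value = (string)$value;
        if (!array_key_exists($name, ALLOWED_ATTRS)) {
            continue; // drops on* handlers and any other unknown attribute
        }
        if (preg_match(ALLOWED_ATTRS[$name], $value) !== 1) {
            continue; // drops values that do not fit the expected shape
        }
        // Keyed by normalized name, so a repeated attribute is emitted once.
        $clean[$name] = $name . '="'
            . htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '"';
    }
    return rtrim('<canvas ' . implode(' ', $clean)) . '></canvas>';
}

// Constructed sample input using the attribute named in Reproduction.
$attrs = ['width' => '400', 'height' => '300', 'onmouseenter' => 'alert(1)'];

echo renderCanvasUnsafe($attrs), PHP_EOL; // handler attribute survives
echo renderCanvasSafe($attrs), PHP_EOL;   // only width and height remain
```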
Remediation
Users can update to 3DAlloy version 1.9 or later to address this vulnerability.
