Wikimedia MediaWiki AdvancedSearch Extension Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the Wikimedia Foundation's MediaWiki AdvancedSearch Extension, affecting versions from master prior to 1.39. This vulnerability arises from improper handling of system messages, which are inserted as HTML without proper escaping. As a result, an attacker can inject malicious scripts that are stored and executed later.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Reproduction
To reproduce this vulnerability, enable the AdvancedSearch extension and set the configuration variable '$wgUseXssLanguage' to 'true'. Then, navigate to the search page with the 'uselang' parameter set to 'x-xss'. This will trigger alerts for several system messages that contain the injected scripts.
Remediation
Users can update to the latest version of the MediaWiki AdvancedSearch Extension, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.