Wikimedia MediaWiki UploadWizard Extension Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the UploadWizard extension of MediaWiki, affecting versions prior to 1.39. This issue arises from the improper handling of a system message, which is inserted as raw HTML, allowing for the injection of malicious scripts that are stored and executed later.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, ensure that the 'wgUseXssLanguage' variable is set to true and that uploads are enabled. Log in to the application and navigate to 'Special:UploadWizard' with the 'x-xss' language option. After selecting a file to upload, proceed through the upload steps. The injected script will be executed as part of the upload process.

Remediation

Users can update to MediaWiki UploadWizard Extension version 1.39 or later, where this vulnerability has been addressed.