Wikimedia Foundation MediaWiki ImageRating Extension Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Wikimedia Foundation MediaWiki ImageRating Extension, affecting versions from master prior to 1.39. This vulnerability arises from improper handling of system messages, which are inserted as HTML and can be exploited to execute malicious scripts.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, enable the VoteNY and ImageRating extensions. Upload a file and add a vote type system message to the file page. After voting, ensure that the XSS language option is enabled. Navigate to the ImageRating special page and enter a valid category name into the textbox next to the rated image, then submit the form. The injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users can update to the patched version of the ImageRating extension, available in the official Wikimedia Gerrit repository, to address this vulnerability.