Wikimedia MediaWiki Cargo Extension Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Wikimedia Foundation's MediaWiki Cargo Extension, specifically in the master branch. This issue arises from improper sanitization of wikitext input, allowing malicious HTML to be inserted into table fields. When these fields are displayed, the injected scripts are executed, leading to cross-site scripting.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, create a template named 'CargoXSSTemplate' that includes a cargo declaration for a table. Insert a script payload into the table field. After saving the template, create a new page that includes the template, replacing the payload variable with a script tag containing JavaScript code, such as an alert. When the page is accessed, the script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users can update to the latest version of the MediaWiki Cargo Extension, where this vulnerability has been addressed.