Wikimedia Foundation MediaWiki GrowthExperiments Extension Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the GrowthExperiments extension of MediaWiki, affecting versions 1.39, 1.43, 1.44, and 1.45. This vulnerability allows users to inject malicious scripts into edit summaries, which are then executed when the summary is viewed in contexts such as the history or recent changes pages.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the edit summary.
Reproduction
To reproduce this vulnerability, install the GrowthExperiments extension and create a template named 'AutocommentPayload' containing a specific payload designed to execute a script. Then, edit a page and include the template in the edit summary. After saving the changes, the injected script will execute when the edit summary is viewed in the history or recent changes.
Remediation
Users can update to the patched versions of the GrowthExperiments extension available on Gerrit.
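The reproduction steps put the payload in a template and only a reference to it in the edit summary, so a check applied to the summary text alone sees nothing to neutralize. The following simplified model is an added example, not MediaWiki or GrowthExperiments code; the template store, the expander and both render functions are hypothetical, and it assumes the summary path expands template references as the reproduction steps imply.

```python
import html
import re

# Constructed sample data: a toy template store standing in for wiki pages.
# The body is a harmless marker that still proves markup reached the output.
TEMPLATES = {"AutocommentPayload": '<b id="marker">injected</b>'}

TEMPLATE_REF = re.compile(r"\{\{([^{}|]+)\}\}")
WRAP_OPEN, WRAP_CLOSE = '<span class="comment">', "</span>"


def expand_templates(text):
    """Replace {{Name}} with the stored template body (hypothetical expander).

    Unknown template names are left as literal text.
    """
    return TEMPLATE_REF.sub(
        lambda m: TEMPLATES.get(m.group(1).strip(), m.group(0)), text
    )


def render_summary_escape_first(summary):
    """Flawed order: escape the raw summary, then expand templates.

    The raw summary contains no markup, so escaping changes nothing, and the
    template body is inserted into the page unescaped afterwards.
    """
    return WRAP_OPEN + expand_templates(html.escape(summary)) + WRAP_CLOSE


def render_summary_escape_last(summary):
    """Hardened order: expand first, then escape the final string for HTML."""
    return WRAP_OPEN + html.escape(expand_templates(summary)) + WRAP_CLOSE


def contains_live_markup(rendered):
    """True if the content inside the wrapper span still holds a real tag."""
    inner = rendered[len(WRAP_OPEN):-len(WRAP_CLOSE)]
    return re.search(r"<[a-zA-Z/]", inner) is not None


if __name__ == "__main__":
    summary = "fixed typo {{AutocommentPayload}}"  # constructed sample summary
    for render in (render_summary_escape_first, render_summary_escape_last):
        out = render(summary)
        print(render.__name__, contains_live_markup(out), out)
```

The same check works as a regression test after updating: render a summary that references a marker template and assert that no tag from the template body survives in the history or recent changes output.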
