Wikimedia Foundation MediaWiki Link Validation Vulnerability in Page Protection Indicators

Vulnerability

A vulnerability exists in Wikimedia Foundation MediaWiki versions prior to 1.43.7, 1.44.4, and 1.45.2, in the handling of the help link shown by page protection indicators. The link target is not properly validated, so a misconfiguration of that target could let an administrator insert JavaScript, a capability MediaWiki reserves for interface administrators.

Impact

Exploitation of this vulnerability could result in a cross-site scripting (XSS) issue, where an administrator could inject JavaScript into a page.

Reproduction

To reproduce this vulnerability, open a protected subpage on a wiki running an affected MediaWiki version (prior to 1.43.7, 1.44.4, or 1.45.2). Click the lock icon to follow the help link of the page protection indicator. The link incorrectly includes the base page name of the subpage instead of leading to the intended help page. This misdirection occurs because the link target lacks the necessary '/wiki/' prefix, so the browser treats it as a relative link resolved against the current subpage rather than as a site-local link.
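The two halves of the defect described above are easy to show in a small validator. The following is an added illustration, not MediaWiki's code or its actual fix: it resolves a prefix-less target the way a browser would (pulling in the base page name on a subpage, as the advisory describes), and then applies an assumed allowlist policy for an administrator-configurable link target that accepts only absolute http(s) URLs or paths under an assumed '/wiki/' article prefix. The constant names, the sample wiki URL and the page titles are constructed for this example.

```python
import re
from typing import Optional
from urllib.parse import urljoin, urlsplit, quote

# Assumed constants for this example; a real MediaWiki install's article
# path and any real validation policy may differ.
WIKI_PATH_PREFIX = "/wiki/"
ALLOWED_SCHEMES = ("http", "https")

_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_CTRL_RE = re.compile(r"[\x00-\x20\x7f]")


def resolve_as_browser_would(current_page_url: str, href: str) -> str:
    """Show the defect: a bare, prefix-less target is a relative reference and
    is resolved against the page the indicator sits on. On a subpage this pulls
    the base page name into the result, the misdirection the advisory notes."""
    return urljoin(current_page_url, href)


def validate_help_link(target: str) -> Optional[str]:
    """Return an href that is safe to emit for the help link, or None.

    Accepted forms (assumed policy for this example):
      * an absolute http(s) URL with a host
      * a site-local path starting with WIKI_PATH_PREFIX
    Rejected: any other scheme (javascript:, data:, ...), protocol-relative
    '//host' links, and bare relative strings, which is the form that turned
    into a mis-targeted link here.
    """
    t = target.strip()
    if not t:
        return None
    # Sniff the scheme on a copy with control characters and whitespace
    # removed, because browsers ignore those inside a scheme ("java\tscript:").
    probe = _CTRL_RE.sub("", t)
    m = _SCHEME_RE.match(probe)
    if m:
        if m.group(1).lower() not in ALLOWED_SCHEMES or probe != t:
            return None
        return t if urlsplit(t).netloc else None
    if t.startswith("//"):
        return None  # protocol-relative: the host would be attacker-chosen
    if t.startswith(WIKI_PATH_PREFIX):
        return t
    return None  # bare title / relative string: must go through help_link_for_title


def help_link_for_title(title: str) -> str:
    """Build the link the indicator should use from a page title: always
    anchored at the article path, so it can never resolve relative to the
    current (sub)page."""
    return WIKI_PATH_PREFIX + quote(title.strip().replace(" ", "_"), safe="/:()")


if __name__ == "__main__":
    # Constructed sample: the indicator sits on a protected subpage.
    page = "https://wiki.example/wiki/Main_page/Subpage"
    print("prefix-less :", resolve_as_browser_would(page, "Protection_help"))
    print("with prefix :", resolve_as_browser_would(page, help_link_for_title("Help:Protection")))
    for candidate in ("/wiki/Help:Protection", "https://www.mediawiki.org/wiki/Help:Protection",
                      "Help:Protection", "//other.example/x", "javascript:void(0)"):
        print(f"{candidate!r:50} -> {validate_help_link(candidate)!r}")
```

The important design point is that a page title is never handed to the validator as-is: `help_link_for_title` turns it into an explicit site-local path first, so the only strings that reach the `href` are ones whose scheme or prefix has been checked.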

Remediation

Users can update to MediaWiki versions 1.43.7, 1.44.4, or 1.45.2, where this vulnerability has been addressed.

Added: May 11, 2026, 6:46 PM
Updated: May 11, 2026, 6:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 1.7
exploitability: 5.9
remediation: 7.7
relevance: 8.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.