Wikimedia MediaWiki GlobalWatchlist Extension Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the GlobalWatchlist extension of Wikimedia MediaWiki. This issue arises from improper input handling during web page generation, allowing for both self-XSS and stored XSS through system messages. The vulnerability affects non-release branches of the extension.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by adding a site with a crafted URL that includes an image tag with an 'onerror' event to the user-defined site list in the GlobalWatchlist settings. This triggers the XSS when the GlobalWatchlist is accessed. Alternatively, stored XSS can be reproduced by editing a specific MediaWiki message to include a similar image tag, which will be executed when the GlobalWatchlist is viewed.

Remediation

Users can update to the patched versions of the GlobalWatchlist extension available in the Wikimedia Gerrit repository.