Wikimedia MediaWiki Score Extension Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Score extension of Wikimedia's MediaWiki. This issue arises from the extension's use of non-reserved data attributes to store URLs, which are then linked in a way that allows for the injection of malicious scripts. The vulnerability is triggered through user interaction with the injected content.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, create an SVG module that generates an image. Then, insert a Score element with a specific musical notation into a page, along with a div that includes non-reserved data attributes containing JavaScript URLs. When the page is viewed, clicking on the SVG image will execute the JavaScript, demonstrating the cross-site scripting vulnerability.

Remediation

The vulnerability has been addressed by updating the Score extension to use reserved data attributes for storing URLs. Users should ensure they are using the latest version of the Score extension where this fix has been applied.