CVE-2024-36123
CVSS V2 None
CVSS V3 None
Description
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0.
Overview
- CVE ID
- CVE-2024-36123
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-03T14:17:08.664Z
- Last Modified Date
- 2024-06-04T19:47:48.363Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-36123 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36123 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 10:51:15 | Added to TrackCVE |