CVE-2024-47536

CVSS V2 None CVSS V3 None

Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.

Overview

CVE ID
CVE-2024-47536

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-09-30T17:09:40.192Z

Last Modified Date
2024-09-30T17:25:48.104Z

Weakness Enumerations

CWE	URL
CWE-80	http://cwe.mitre.org/data/definitions/80.html
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x	x_refsource_CONFIRM
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/717d16af35b10dab04d434aefddbf991fc8c168c	x_refsource_MISC
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/86da3e07718c8d8da6f4310386fef85599606f9b	x_refsource_MISC
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-47536
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47536

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 19:59:01				Added to TrackCVE