CVE-2024-47782 in WikiDiscoverinfo

Zusammenfassung

von MITRE • 08.10.2024

WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

GitHub M

Reservieren

30.09.2024

Veröffentlichung

08.10.2024

Moderieren

akzeptiert

Eintrag

VDB-279545

CPE

bereit

EPSS

0.00311

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!