CVE-2024-47840 MEDIUM

CVE-2024-47840: Stored XSS through sidebar in Apex skin

Vendor The Wikimedia Foundation
Product Mediawiki - Apex skin
Weakness CWE-79 · XSS
Published October 5, 2024
Last update October 7, 2024
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

Key dates

02Disclosure timeline

October 5, 2024 CVE published
October 7, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse CVE-2023-48322 WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS) CVE-2024-12513 Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-23960 WordPress Save & Import Image from URL Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-52457 WordPress Youneeq Recommendations plugin <= 3.0.7 - Reflected Cross Site Scripting (XSS) vulnerability