CVE-2024-47847: Mediawiki Cargo extension vulnerable to Cross-site Scripting
(updated )
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
References
- gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063804
- gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063806
- gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063827
- gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063831
- github.com/advisories/GHSA-jqvm-9xm2-gc38
- github.com/wikimedia/mediawiki-extensions-Cargo
- nvd.nist.gov/vuln/detail/CVE-2024-47847
- phabricator.wikimedia.org/T368628
- phabricator.wikimedia.org/T372211
Detect and mitigate CVE-2024-47847 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →