CVE-2024-47815

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 9, 2024 / Updated: 41d ago

010
CVSS 6EPSS 0.05%Medium
CVE info copied to clipboard

IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2024-47815

Oct 9, 2024 at 7:15 PM
CVSS

A CVSS base score of 6 has been assigned.

Oct 9, 2024 at 7:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-47815. See article

Oct 9, 2024 at 7:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 9, 2024 at 7:21 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.4%)

Oct 10, 2024 at 10:30 AM
Static CVE Timeline Graph

Affected Systems

Mediawiki/mediawiki
+null more

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch
+null more

News

CVE Alert: CVE-2024-47815 - https://www. redpacketsecurity.com/cve_aler t_cve-2024-47815/ # OSINT # ThreatIntel # CyberSecurity # cve_2024_47815
CVE Alert: CVE-2024-47815
Users unable to upgrade should prevent access to the Special:IncidentReports page. These issues have been addressed in commit `43896a4` and all users are advised to upgrade.
NA - CVE-2024-47815 - IncidentReporting is a MediaWiki extension for...
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated...
CVE-2024-47815
These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page.
CVE-2024-47815 - MediaWiki IncidentReporting Cross-site Scripting Vulnerability
CVE ID : CVE-2024-47815 Published : Oct. 9, 2024, 7:15 p.m. 17 minutes ago Description : IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade.
See 4 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:High
Availability Impact:Low

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI