CVE-2024-47536

UNKNOWN

Published 2024-09-30T17:09:40.192Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-47536. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

StarCitizenTools

mediawiki-skins-Citizen

Affected Versions:

>= 2.6.3, < 2.31.0

starcitizentools

mediawiki-skins-citizen

Affected Versions:

2.6.3

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

GHSA-62r2-gcxr-426x

Advisory Details

### Summary A user with the `editmyprivateinfo` right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. ### Details Here's the offending line: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137 This was introduced in 717d16af35b10dab04d434aefddbf991fc8c168c ### PoC 1. Login 2. Go to Special:Preferences 3. Set the real name field to a string like `<script>alert("Admin with a propensity for self-XSSes")</script>` 4. Save your settings and use Citizen if it's not being used already ![](https://github.com/user-attachments/assets/22adbb70-fcd7-4f81-8e53-1f5f3a730270) ### Impact Any user who can change their name (whether it's through the editmyprivateinfo right or through other means) can add XSS payloads that trigger for themselves only.

Affected Packages

Packagist starcitizentools/citizen-skin

ECOSYSTEM: ≥2.6.3 <2.31.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

References

WEB https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-47536

WEB https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/717d16af35b10dab04d434aefddbf991fc8c168c

WEB https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/86da3e07718c8d8da6f4310386fef85599606f9b

PACKAGE https://github.com/StarCitizenTools/mediawiki-skins-Citizen

WEB https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137

Advisory provided by GitHub Security Advisory Database. Published: September 30, 2024, Modified: September 30, 2024

References

https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x

https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/717d16af35b10dab04d434aefddbf991fc8c168c

https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/86da3e07718c8d8da6f4310386fef85599606f9b

https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137

Published: 2024-09-30T17:09:40.192Z

Last Modified: 2024-09-30T17:25:48.104Z

Copied to clipboard!

CVE-2024-47536

Expert Analysis

Description

Available Exploits

Related News

Affected Products

mediawiki-skins-Citizen

Affected Versions:

mediawiki-skins-citizen

Affected Versions:

GitHub Security Advisories

starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!