CVE-2024-40605

4.8 MEDIUM

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in MediaWiki's Foreground skin allows attackers to inject malicious scripts into top-level menu entries. When users view the sidebar, these scripts execute in their browser context, potentially stealing session cookies or performing unauthorized actions. All MediaWiki installations using the Foreground skin through version 1.42.1 are affected.

💻 Affected Systems

Products:
  • MediaWiki with Foreground skin
Versions: MediaWiki through 1.42.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using the Foreground skin. Other MediaWiki skins are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, gain administrative privileges, deface the wiki, or install backdoors through malicious JavaScript execution.

🟠 Likely Case

Session hijacking of logged-in users, credential theft, or defacement of wiki pages through injected content.

🟢 If Mitigated

Limited impact if proper Content Security Policy (CSP) headers are implemented and user input validation is enforced elsewhere.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires edit permissions to modify MediaWiki:Sidebar entries. Attack complexity is low once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.42.2 or later

Vendor Advisory: https://phabricator.wikimedia.org/T361452

Restart Required: No

Instructions:

1. Update MediaWiki to version 1.42.2 or later.
2. Alternatively, apply the security patch from the Wikimedia Phabricator ticket T361452.
3. Clear any cached sidebar content.

🔧 Temporary Workarounds

Disable Foreground skin

Versions: all

Switch to a different MediaWiki skin that is not vulnerable:

$wgDefaultSkin = 'vector';

Restrict sidebar editing

Versions: all

Limit who can edit MediaWiki:Sidebar to trusted administrators only.

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers to block inline script execution
  • Regularly audit and sanitize MediaWiki:Sidebar entries for suspicious content
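The sidebar audit from the second bullet, as an added example that is not part of this advisory or of MediaWiki itself: it parses the `* heading` / `** target|label` list syntax used by MediaWiki:Sidebar and flags entries whose label carries HTML markup, script URLs or event handlers. The sample wikitext is constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample of MediaWiki:Sidebar wikitext (not from any real wiki).
# "* label" is a top-level heading; "** target|label" is a menu item.
SAMPLE_SIDEBAR = """\
* navigation
** mainpage|mainpage-description
** recentchanges-url|recentchanges
* Help <script>/* constructed placeholder */</script>
** Special:Contact|Contact us
* SEARCH
* TOOLBOX
"""

# Fragments that have no legitimate place in a sidebar label.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z]"        # start of any HTML tag
    r"|javascript\s*:"       # javascript: URL scheme
    r"|\bon[a-z]+\s*="       # inline event handler attribute
    r"|&#x?[0-9a-f]+;",      # numeric entity that may hide the above
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_no: int
    level: int   # 1 = top-level heading (where CVE-2024-40605 applies), 2 = menu item
    text: str


def parse_sidebar(wikitext):
    """Yield (line_no, level, text) for every '*' or '**' entry."""
    for n, raw in enumerate(wikitext.splitlines(), start=1):
        m = re.match(r"^(\*{1,2})\s*(.*)$", raw)
        if m:
            yield n, len(m.group(1)), m.group(2).strip()


def audit_sidebar(wikitext, top_level_only=True):
    """Return Findings for entries whose label contains markup or script."""
    findings = []
    for n, level, text in parse_sidebar(wikitext):
        if top_level_only and level != 1:
            continue
        if SUSPICIOUS.search(text):
            findings.append(Finding(n, level, text))
    return findings


if __name__ == "__main__":
    for f in audit_sidebar(SAMPLE_SIDEBAR, top_level_only=False):
        print(f"line {f.line_no} (level {f.level}): {f.text}")
```

Feed it the current wikitext of MediaWiki:Sidebar (for example via the action=raw export) on a schedule and alert on any non-empty result.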

🔍 How to Verify

Check if Vulnerable:

Check if using MediaWiki ≤1.42.1 with Foreground skin enabled. Review LocalSettings.php for $wgDefaultSkin or $wgSkipSkins configuration.

Check Version:

Check includes/DefaultSettings.php or run the MediaWiki maintenance script: php maintenance/run.php --version

Verify Fix Applied:

Verify MediaWiki version is ≥1.42.2 and test that script tags in sidebar entries no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual edits to MediaWiki:Sidebar page
  • Multiple failed edit attempts to sidebar

Network Indicators:

  • Unexpected JavaScript execution from sidebar content
  • External resource loads from sidebar entries

SIEM Query:

source="mediawiki.log" AND ("MediaWiki:Sidebar" OR "edit sidebar") AND user NOT IN [admin_users]
