CVE-2024-47847

6.1 MEDIUM

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in the MediaWiki Cargo extension: user-supplied input is not properly escaped before being rendered into a page. An attacker who can get a crafted value into affected output can run script in the browser of any user who views the resulting page or follows a crafted link. It affects MediaWiki installations running Cargo 3.6 releases prior to 3.6.1.

💻 Affected Systems

Products:
  • MediaWiki Cargo extension
Versions: 3.6.x before 3.6.1 (fixed in 3.6.1)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only MediaWiki installations that have the Cargo extension loaded, at a version in the range above, are affected. Core MediaWiki without Cargo is not affected by this CVE.

📦 What is this software?

Cargo is a MediaWiki extension that stores values passed to templates in SQL tables and lets wiki pages query and display that data (through parser functions such as #cargo_query and drill-down special pages). It is used on wikis that want database-style structured data without running a separate application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who plants a payload that other users render can run script in their browsers: perform actions as those users (edits, account and e-mail changes, and privileged actions if an administrator views the page), deface pages, or redirect visitors to attacker-controlled sites.

🟠 Likely Case

Injected JavaScript runs in the wiki's origin for anyone who views the affected page or follows a crafted link and issues requests with the victim's session, leading to account takeover and unauthorized edits. MediaWiki sets its session cookies HttpOnly by default, so the script usually cannot read them directly; it does not need to, because same-origin requests already carry the session and can fetch the CSRF (edit) tokens required to act as the victim.

🟢 If Mitigated

Once Cargo 3.6.1 or later is installed, the affected code path no longer emits unescaped input and injection attempts render as inert text. A restrictive Content Security Policy further limits what any residual injection could execute.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS is low-complexity to exploit in general: the attacker only has to get a crafted value into the affected output and have a victim load it, so user interaction (viewing a page or following a link) is required. No public proof of concept or exploitation details specific to this CVE are documented on this page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.1

Vendor Advisory: https://phabricator.wikimedia.org/T368628

Restart Required: No

Instructions:

1. Update the Cargo extension to version 3.6.1 or later, either by updating the git checkout in extensions/Cargo (pull and check out the release branch or tag) or by downloading a fresh 3.6.1+ tarball from MediaWiki's ExtensionDistributor and replacing the extension files.
2. Confirm the new version is reported on Special:Version.
3. Clear application caches where applicable (purge the object cache and, if PHP opcache is enabled, reset it so the old extension code is no longer served).

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Filter or reject user-supplied values carrying HTML or script markup (for example with a WAF or reverse-proxy rule) before they reach the Cargo extension. Treat this as a stopgap only: blocklist filters are routinely bypassed with alternative encodings and tag variants, and the real fix is correct escaping at the point of output, which is what the 3.6.1 update provides.

Content Security Policy (all platforms)

Serve a strict Content-Security-Policy header (no 'unsafe-inline' in script-src; nonces or hashes for legitimate inline scripts) to limit what injected markup can execute. MediaWiki can emit one through its $wgCSPHeader setting ($wgCSPReportOnlyHeader for a report-only trial), or the header can be set at the web server. CSP reduces impact rather than removing the vulnerability, and MediaWiki's own inline scripts need to keep working, so test in report-only mode before enforcing.

🧯 If You Can't Patch

  • Disable the Cargo extension (remove its wfLoadExtension line from LocalSettings.php) if it is not essential; pages that rely on Cargo queries will stop rendering their data until it is re-enabled
  • Put a web application firewall in front of the wiki with rules that block common XSS payload patterns; expect bypasses and treat it as a bridge until the update is applied

🔍 How to Verify

Check if Vulnerable:

Look up the Cargo entry on the wiki's Special:Version page, or read the "version" field in extensions/Cargo/extension.json. Any 3.6 release before 3.6.1 is in the range this page describes; anything older than 3.6 predates the fix and should be updated as well.

Check Version:

Special:Version lists every installed extension with its version. Scripts can read the same data from api.php?action=query&meta=siteinfo&siprop=extensions&format=json, or from extensions/Cargo/extension.json on the server.

Verify Fix Applied:

Confirm the reported Cargo version is 3.6.1 or later and that the files on disk match it (a stale opcache or a partially replaced checkout can leave the old code running). Then re-test whichever Cargo-rendered page or parameter you were concerned about with a harmless marker value and confirm it appears in the HTML as escaped text, not as markup.
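A small version check, added here as an example and not part of the Cargo project or the advisory: it classifies a Cargo version string against the 3.6.1 fix and can read it either from extensions/Cargo/extension.json or from the siteinfo API response mentioned above (fetched by you beforehand). The JSON samples embedded below are constructed; a bare "3.6" is assumed to mean 3.6.0.

```python
"""Check whether a MediaWiki install runs a Cargo release older than the 3.6.1 fix.

Added example, not part of the Cargo project or the advisory. Reads the
version from extensions/Cargo/extension.json (local) or from the output of
api.php?action=query&meta=siteinfo&siprop=extensions&format=json (remote,
fetched beforehand). The sample documents below are constructed.
"""
import json
import re
import sys

PATCHED = (3, 6, 1)          # first fixed release named on this page
ADVISORY_START = (3, 6, 0)   # page describes the affected range as 3.6.x before 3.6.1

FIXED, VULNERABLE, PRE_RANGE, UNKNOWN = "fixed", "vulnerable", "pre-3.6", "unknown"

# Constructed samples; real files and responses carry more fields.
SAMPLE_EXTENSION_JSON = '{"name": "Cargo", "type": "parserhook", "version": "3.6"}'
SAMPLE_SITEINFO = json.dumps({
    "query": {"extensions": [
        {"type": "other", "name": "ParserFunctions", "version": "1.6.0"},
        {"type": "parserhook", "name": "Cargo", "version": "3.6.1"},
    ]}
})


def parse_version(text):
    """'3.6.1', 'v3.6' or '3.6.1-beta' -> tuple of ints, padded to at least 3 parts.

    A bare '3.6' is treated as 3.6.0 (assumption made for comparison purposes).
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def classify(version_text):
    """Map a Cargo version string to fixed / vulnerable / pre-3.6."""
    v = parse_version(version_text)
    if v >= PATCHED:
        return FIXED
    if v >= ADVISORY_START:
        return VULNERABLE
    # Older than the range the advisory names; not covered by the fix either,
    # so it still needs the update.
    return PRE_RANGE


def check_extension_json(text):
    """Parse extension.json content; return (version, status)."""
    version = json.loads(text)["version"]
    return version, classify(version)


def check_siteinfo(text):
    """Parse a siteinfo/extensions API response; return (version, status),
    or (None, None) if Cargo is not installed."""
    for ext in json.loads(text).get("query", {}).get("extensions", []):
        if ext.get("name") == "Cargo":
            version = ext.get("version")
            if not version:
                return None, UNKNOWN   # extension listed without a version string
            return version, classify(version)
    return None, None


if __name__ == "__main__":
    # Usage: python check_cargo.py [path/to/extensions/Cargo/extension.json]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(check_extension_json(fh.read()))
    else:
        print("sample extension.json:", check_extension_json(SAMPLE_EXTENSION_JSON))
        print("sample siteinfo:", check_siteinfo(SAMPLE_SITEINFO))
```

Run it against the real extension.json after updating; if the file says 3.6.1 but Special:Version still reports the old version, the running code is stale (opcache or a second checkout), which is exactly the case the verification step above warns about.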

📡 Detection & Monitoring

Log Indicators:

  • Script tags, event-handler attributes or javascript: URIs in request parameters recorded by the web server or application logs (inspect URL-decoded values; payloads are usually percent-encoded, sometimes twice)
  • Repeated requests from one client that a WAF or input filter blocked, where such a filter is deployed (MediaWiki does not by default log validation failures for this)

Network Indicators:

  • HTTP requests containing suspicious script patterns or encoded payloads

SIEM Query:

web_logs WHERE urldecode(url) MATCHES '(?i)<\s*script|javascript\s*:|<[^>]*\bon\w+\s*=' OR urldecode(body) MATCHES '(?i)<\s*script|javascript\s*:|<[^>]*\bon\w+\s*='

Pseudo-query; adapt it to your SIEM's syntax. Decode before matching, and more than once, since double encoding is a common filter bypass. The body clause only applies where request bodies are logged (standard access logs record the request line only), so payloads submitted via POST need application-level logging or a WAF with body inspection.
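The same detection logic as a runnable script, added here as an example (not vendor tooling): it parses combined-format access-log lines, URL-decodes each request target repeatedly so double-encoded payloads surface, and reports which heuristic matched. The log lines, pattern names and IP addresses are constructed for the example.

```python
"""Flag access-log requests whose URL-decoded target carries XSS-style markup.

Added example, not from the advisory or any vendor tooling. The log lines are
constructed (combined log format); pattern names are my own.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample traffic. Line 2 is single-encoded, line 3 double-encoded,
# line 4 a javascript: URI; lines 1 and 5 are benign ('Manuscript' contains
# 'script' but no tag, and 'action=' must not trip the event-handler rule).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "GET /index.php?title=Main_Page HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2024:12:00:02 +0000] "GET /index.php?title=Foo&q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2210 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2024:12:00:03 +0000] "GET /index.php?title=Foo&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2210 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2024:12:00:04 +0000] "GET /index.php?title=Foo&url=javascript%3Aalert(1) HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2024:12:00:05 +0000] "GET /index.php?title=Manuscript&action=edit&section=1 HTTP/1.1" 200 7100 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD|PUT|PATCH|DELETE|OPTIONS) (\S+) HTTP/'
)

# Heuristics over the decoded request target. Case-insensitive, whitespace
# inside tags tolerated. The event-handler rule requires a tag context so that
# ordinary parameters such as action=edit or onlyfoo=bar do not match.
PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler_in_tag": re.compile(r"<\s*\w+[^>]*\bon\w+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "active_content_tag": re.compile(r"<\s*(?:svg|iframe|object|embed)\b", re.I),
}


def decode_fully(target, max_rounds=3):
    """URL-decode until the string stops changing (catches double encoding),
    bounded so a pathological input cannot loop indefinitely."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def parse_request(line):
    """Return (client_ip, request_target), or None if the line is not a request."""
    m = REQUEST_RE.match(line)
    return (m.group(1), m.group(2)) if m else None


def scan_log(text):
    """Return one hit per request whose decoded target matches any pattern."""
    hits = []
    for line in text.splitlines():
        parsed = parse_request(line)
        if not parsed:
            continue
        client, target = parsed
        decoded = decode_fully(target)
        matched = [name for name, rx in PATTERNS.items() if rx.search(decoded)]
        if matched:
            hits.append({"client": client, "target": target,
                         "decoded": decoded, "patterns": matched})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['client']}  {', '.join(hit['patterns'])}  {hit['decoded']}")
```

Feed it real access logs with `scan_log(open(path).read())`. Because access logs carry only the request line, this catches reflected attempts and GET-submitted payloads; stored payloads posted through an edit form need application-level or WAF logging of request bodies, as noted above.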

🔗 References

  • Fix tracking / vendor advisory: https://phabricator.wikimedia.org/T368628
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-47847