CVE-2024-36123

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36123

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36123.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36123

Aliases

GHSA-jhm6-qjhq-5mf9

Downstream

UBUNTU-CVE-2024-36123

Published

2024-06-03T14:17:08.664Z

Modified

2026-03-13T14:58:55.962880Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

Details

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36123.json"
}

References

Affected packages

Git / github.com/StarCitizenTools/mediawiki-skins-Citizen

Affected ranges

Type

GIT

Repo

https://github.com/StarCitizenTools/mediawiki-skins-Citizen

Events

Introduced

Fixed

e33098a65ef1de8620e89094dc1a009c98b3d885

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.16.0"
        }
    ]
}

Type: GIT
Repo: https://github.com/starcitizentools/mediawiki-skins-citizen
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a43280242f33e54643087da4a7f40970d2640c9

Affected versions

v1.*

v1.10.0

v1.13.0

v1.14.0

v1.14.1

v1.15.0

v1.16.0

v1.16.1

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.9.4

v1.9.5

v2.*

v2.0.0

v2.0.0-alpha.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-beta.0

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.0-beta.4

v2.0.1

v2.1.0

v2.10.0

v2.10.1

v2.11.0

v2.11.1

v2.12.0

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

v2.14.0

v2.14.1

v2.15.0

v2.15.1

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.9.0

v2.9.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36123.json"