UBUNTU-CVE-2024-36123
- Source
- https://ubuntu.com/security/CVE-2024-36123
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-36123.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-36123
- Upstream
- Published
- 2024-06-03T15:15:00Z
- Modified
- 2026-01-20T18:22:18.912747Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page
MediaWiki:Taglinehas its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with theeditinterfacepermission, or sysops). This vulnerability is fixed in 2.16.0. - References
-
- https://ubuntu.com/security/CVE-2024-36123
- https://www.cve.org/CVERecord?id=CVE-2024-36123
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L190-L195
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L197-L201
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases
Affected packages
Ubuntu:18.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.27.4-3?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.31.7-1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:1.*
1:1.31.2-1ubuntu1
1:1.31.5-1
1:1.31.5-1ubuntu1
1:1.31.5-2
1:1.31.5-3
1:1.31.5-3ubuntu1
1:1.31.6-1
1:1.31.7-1
Ubuntu:22.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.35.6-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:1.*
1:1.35.3-1
1:1.35.4-1
1:1.35.5-1
1:1.35.5-1ubuntu1
1:1.35.5-1ubuntu2
1:1.35.5-1ubuntu3
1:1.35.6-1
Ubuntu:24.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.39.7-1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10 / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.43.3+dfsg-1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected