CVE-2024-23173
EUVD-2024-2069212.01.2024, 05:15
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 < 1.35.14 |
| mediawiki | mediawiki | 1.36.0 ≤ 𝑥 < 1.39.6 |
| mediawiki | mediawiki | 1.40.0 ≤ 𝑥 < 1.40.2 |
𝑥
= Vulnerable software versions