Page MenuHomePhabricator
Paste P84207

what I might have entered if i'd been typing up the CVE for T399662
ActivePublic
Actions

Authored by A_smart_kitten on Tue, Oct 21, 6:10 PM.
Tags
None
Referenced Files
F66775068: what I might have entered if i'd been typing up the CVE for T399662
Tue, Oct 21, 6:13 PM
F66775046: raw-paste-data.txt
Tue, Oct 21, 6:10 PM
Subscribers
None
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-62698",
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"title": "Stored XSS through system messages in the MediaWiki ExternalGuidance extension",
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"type": "CWE"
}
]
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"affected": [
{
"vendor": "MediaWiki",
"product": "ExternalGuidance extension",
"repo": "https://gerrit.wikimedia.org/g/mediawiki/extensions/ExternalGuidance",
"programFiles": [
"modules/mw.externalguidance/core.js"
],
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "c7c51ca611",
"versionType": "git"
},
{
"status": "affected",
"version": "0",
"lessThan": "22986d5fd1",
"versionType": "git"
},
{
"status": "affected",
"version": "0",
"lessThan": "c0a0d0e568",
"versionType": "git"
},
{
"status": "affected",
"version": "0",
"lessThan": "3d6e2f673a",
"versionType": "git"
}
],
"defaultStatus": "affected"
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the MediaWiki ExternalGuidance extension enabled users with the editinterface right, but without the editsitejs/editsitecss rights (notably, including the default sysop user-group), to execute arbitrary JavaScript in some end-users' web browsers, by overriding certain system messages which the ExternalGuidance extension inserted into the page as raw HTML.\n\nThe vulnerable system messages were:\n\n * externalguidance-machine-translation-heading\n * externalguidance-machine-translation-contribute\n\n\n\n\nThis issue affects all versions of the ExternalGuidance extension before Git commits c7c51ca611 (branch master), before 22986d5fd1 (branch REL1_44), before c0a0d0e568 (branch REL1_43), & before 3d6e2f673a (branch REL1_39).",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>A stored cross-site scripting (XSS) vulnerability in the MediaWiki ExternalGuidance extension enabled users with the <tt>editinterface</tt> right, but without the <tt>editsitejs</tt>/<tt>editsitecss</tt> rights (notably, including the default <tt>sysop</tt> user-group), to execute arbitrary JavaScript in some end-users' web browsers, by overriding certain system messages which the ExternalGuidance extension inserted into the page as raw HTML.</p><p>The vulnerable system messages were:</p><ul><li><tt>externalguidance-machine-translation-heading</tt></li><li><tt>externalguidance-machine-translation-contribute</tt></li></ul><p></p><p>This issue affects all versions of the ExternalGuidance extension before Git commits <tt>c7c51ca611</tt> (branch <tt>master</tt>), before <tt>22986d5fd1</tt> (branch <tt>REL1_44</tt>), before <tt>c0a0d0e568</tt> (branch <tt>REL1_43</tt>), &amp; before <tt>3d6e2f673a</tt> (branch <tt>REL1_39</tt>).<br></p>"
}
]
}
],
"references": [
{
"url": "https://phabricator.wikimedia.org/T399662",
"tags": [
"issue-tracking"
]
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ExternalGuidance/+/1189231",
"tags": [
"patch"
]
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ExternalGuidance/+/1189244",
"tags": [
"patch"
]
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ExternalGuidance/+/1193509",
"tags": [
"patch"
]
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ExternalGuidance/+/1193510",
"tags": [
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV4_0": {
"version": "4.0",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"subIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseSeverity": "MEDIUM",
"baseScore": 4.8,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
}
}
],
"credits": [
{
"lang": "en",
"value": "SomeRandomDeveloper",
"type": "finder"
},
{
"lang": "en",
"value": "SomeRandomDeveloper",
"type": "remediation developer"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"workarounds": [
{
"lang": "en",
"value": "Add the following lines to a MediaWiki installation's LocalSettings.php file:\n$wgRawHtmlMessages[] = \"externalguidance-machine-translation-heading\";\n$wgRawHtmlMessages[] = \"externalguidance-machine-translation-contribute\";",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Add the following lines to a MediaWiki installation's LocalSettings.php file:\n<pre>$wgRawHtmlMessages[] = \"externalguidance-machine-translation-heading\";\n$wgRawHtmlMessages[] = \"externalguidance-machine-translation-contribute\";</pre>"
}
]
}
]
}
}
}
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits