CVE-2024-47782

Published: 2024-10-07T22:15Z
Last Modified: 2024-11-14T18:19Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the payload will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. Users who are unable to upgrade should block access to `Special:WikiDiscover`.

> MITRE Terms of Use apply – see LICENSE‑MITRE.txt