MediaWiki Extension Security Advisory: Multiple CVEs including XSS, SQLi, CSRF in Cargo, CSS, PageTriage

From this webpage screenshot, we can extract the following key information regarding the vulnerabilities: 1. Vulnerability List: - PageTriage: CVE-2024-47848 - User can review/unreview articles while blocked - CSS: CVE-2024-47845 - CSS sanitizer used incorrectly - Widgets: CVE-2024-35226 - smarty library version has CVE - Cargo: CVE-2024-47849 - Backticks can allow the usage of not-allowed SQL functions - Cargo: CVE-2024-47846 - Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection - Cargo: CVE-2024-47847 - Various XSSes found in Cargo - Apex: CVE-2024-47840 - Stored XSS through sidebar - CSS: CVE-2024-47841 - Path traversal when loading stylesheets - DataTransfer: CVE-2024-45048, CVE-2024-45046 - vulnerable version of phpoffice/phpspreadsheet 2. Security Announcements: - Security announcements related to maintenance releases 1.39.9/1.41.3/1.42.2 have been published. - These announcements mention the above vulnerabilities and provide remediation guidance. 3. Affected Extensions and Skins: - The extensions and skins affected include PageTriage, CSS, Widgets, Cargo, Apex, and DataTransfer. 4. Remediation Recommendations: - Affected users are advised to upgrade promptly to the current main branch or relevant supported versions. - Due to the nature of security disclosures, sensitive information may be exposed, so detailed remediation information cannot be provided before these tasks are made public. 5. Contact Information: - For any additional questions or concerns, contact security@wikimedia.org or create a security task in Phabricator. This information is crucial for understanding the impact of the vulnerabilities and the remediation process.

Goal Reached Thanks to every supporter — we hit 100%!

MediaWiki Extension Security Advisory: Multiple CVEs including XSS, SQLi, CSRF in Cargo, CSS, PageTriage