Page MenuHomeMiraheze

Stored XSS in Citizen by editing MediaWiki:Tagline
Closed, ResolvedPublic

Description

Public advisory: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9

It is patched in commit 4a43280242f33e54643087da4a7f40970d2640c9, or release 2.16.0.

This vulnerability has more disadvantages than advantages (see advisory), but it is still an XSS. While Miraheze does have a CSP that prevents attackers from easily exfiltrating data, one can still do so by activating abuse filters on an attacker-controlled, Miraheze-hosted wiki. The CSP also doesn't affect the attacker's ability to send requests to Miraheze wikis.