Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02MnIyLWdjeHItNDI2eM4AA_31
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Summary
A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload.
Details
Here's the offending line:
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137
This was introduced in 717d16af35b10dab04d434aefddbf991fc8c168c
PoC
- Login
- Go to Special:Preferences
- Set the real name field to a string like
<script>alert("Admin with a propensity for self-XSSes")</script> - Save your settings and use Citizen if it's not being used already
Impact
Any user who can change their name (whether it's through the editmyprivateinfo right or through other means) can add XSS payloads that trigger for themselves only.
Permalink: https://github.com/advisories/GHSA-62r2-gcxr-426xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MnIyLWdjeHItNDI2eM4AA_31
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 4.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS Percentage: 0.00045
EPSS Percentile: 0.1735
Identifiers: GHSA-62r2-gcxr-426x, CVE-2024-47536
References:
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/717d16af35b10dab04d434aefddbf991fc8c168c
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/86da3e07718c8d8da6f4310386fef85599606f9b
- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137
- https://nvd.nist.gov/vuln/detail/CVE-2024-47536
- https://github.com/advisories/GHSA-62r2-gcxr-426x
Blast Radius: 1.0
Affected Packages
packagist:starcitizentools/citizen-skin
Dependent packages: 0Dependent repositories: 0
Downloads: 425 total
Affected Version Ranges: >= 2.6.3, < 2.31.0
Fixed in: 2.31.0
All affected versions: 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.12.0, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.14.0, 2.14.1, 2.15.0, 2.15.1, 2.16.0, 2.16.1, 2.17.0, 2.17.1, 2.17.2, 2.18.0, 2.18.1, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.22.1, 2.23.0, 2.24.0, 2.25.0, 2.26.0, 2.27.0, 2.28.0, 2.29.0, 2.30.0
All unaffected versions: 1.9.4, 1.9.5, 1.10.0, 1.13.0, 1.14.0, 1.14.1, 1.15.0, 1.16.0, 1.16.1, 1.17.0, 1.17.1, 1.17.2, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.17.7, 1.17.8, 1.17.9, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.31.0, 2.32.0, 2.33.0, 2.34.0, 2.35.0, 2.36.0, 2.37.0, 2.38.0, 2.38.1, 2.38.2, 2.38.3, 2.39.0, 2.39.1, 2.39.2, 2.39.3, 2.39.4