Vulnerability DatabaseCVE-2024-47815
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-47815
Published:October 09, 2024
Updated:May 17, 2026
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page.
Related Resources (3)
https://issue-tracker.miraheze.org/T12702
https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9
https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
LOW
Weakness Type (CWE)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-80
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
0.11