CVE-2023-51704 is a security vulnerability identified in the MediaWiki software, specifically in the includes/logging/RightsLogFormatter.php file. The flaw exists in the handling of group membership messages (group-*-member) that are displayed on the Special:log/rights page. Due to insufficient input sanitization or output encoding, these messages can contain malicious JavaScript code, leading to a cross-site scripting (XSS) vulnerability. This vulnerability affects MediaWiki versions before 1.35.14, all 1.36.x through 1.39.x versions before 1.39.6, and 1.40.x versions before 1.40.2. An attacker who can inject crafted group membership messages could exploit this flaw to execute arbitrary scripts in the browser of users viewing the affected log page. This can result in session hijacking, credential theft, or other malicious actions performed with the privileges of the victim user. Although no active exploits have been reported, the vulnerability is publicly disclosed and patched in later versions. MediaWiki is widely used in collaborative environments including public sector, education, and enterprises, making this vulnerability relevant for organizations relying on it for knowledge management or documentation. The vulnerability does not require authentication to trigger if the attacker can influence the group membership messages, but some level of access or social engineering might be needed to inject malicious content. The lack of a CVSS score necessitates an independent severity assessment based on impact and exploitability factors.

For European organizations, the impact of CVE-2023-51704 can be significant, especially for those using MediaWiki as a platform for internal or public documentation, knowledge bases, or collaborative projects. Exploitation of this XSS vulnerability could lead to unauthorized disclosure of sensitive information, session hijacking, and potential privilege escalation if administrative users are targeted. This could undermine the integrity and confidentiality of organizational data and disrupt operations. Public sector entities, universities, and research institutions that rely on MediaWiki for transparency and collaboration may face reputational damage and compliance risks under GDPR if personal data is exposed. Additionally, attackers could leverage this vulnerability as a foothold for further attacks within the network. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits following public disclosure. Organizations with high user traffic on affected MediaWiki instances are at greater risk due to increased exposure.

To mitigate CVE-2023-51704, organizations should promptly upgrade MediaWiki to the patched versions: 1.35.14 or later, 1.39.6 or later, or 1.40.2 or later depending on their current version branch. If immediate upgrading is not feasible, administrators should restrict access to the Special:log/rights page to trusted users only, minimizing exposure to untrusted or anonymous users. Implement Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution sources. Regularly audit and sanitize group membership messages and logs to detect and remove any suspicious content. Employ web application firewalls (WAFs) with rules targeting XSS payloads to provide an additional layer of defense. Educate users and administrators about the risks of XSS and encourage vigilance when interacting with log pages or user-generated content. Monitor MediaWiki security advisories for updates and apply patches promptly to maintain a secure environment.