CVE-2024-23173 is a medium-severity Cross-Site Scripting (XSS) vulnerability identified in the Cargo extension of MediaWiki, affecting versions prior to 1.35.14, all 1.36.x through 1.39.x versions before 1.39.6, and 1.40.x versions before 1.40.2. The vulnerability arises specifically on the Special:Drilldown page, which is used to filter and display data stored via the Cargo extension. The issue is due to improper sanitization of user-supplied input parameters—namely 'artist', 'album', and 'position'—which are processed in the drilldown/CargoAppliedFilter.php file. Because these parameters are reflected back in the page without adequate encoding or filtering, an attacker can inject malicious JavaScript code that executes in the context of the victim's browser. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common vector for XSS attacks. The CVSS v3.1 score is 6.1, indicating a medium severity level, with an attack vector of network (remote), low attack complexity, no privileges required, but requiring user interaction (victim must visit the crafted URL). The scope is changed, meaning the vulnerability can affect resources beyond the vulnerable component, and the impact affects confidentiality and integrity but not availability. There are no known exploits in the wild at the time of publication, and no official patch links were provided in the source data, though MediaWiki has released fixed versions addressing this issue. This vulnerability could be exploited by attackers to steal user credentials, session cookies, or perform actions on behalf of authenticated users, potentially leading to account compromise or unauthorized data access within MediaWiki installations using the vulnerable Cargo extension.

For European organizations, the impact of this vulnerability depends largely on their use of MediaWiki with the Cargo extension. MediaWiki is widely used for internal knowledge bases, documentation, and collaborative platforms in both public and private sectors. An XSS vulnerability can lead to session hijacking, credential theft, or unauthorized actions performed under the context of a logged-in user. This is particularly concerning for organizations handling sensitive or proprietary information, such as government agencies, research institutions, and enterprises with intellectual property stored in MediaWiki. The confidentiality and integrity of data can be compromised, potentially leading to data leaks or manipulation. Additionally, if exploited in environments with elevated privileges, attackers could escalate their access or pivot to other internal systems. Given the medium severity and requirement for user interaction, the threat is moderate but should not be underestimated, especially in environments with high-value targets or where users have elevated privileges. The absence of known exploits in the wild reduces immediate risk but does not eliminate potential future exploitation.

European organizations should take the following specific mitigation steps: 1) Immediately upgrade MediaWiki installations using the Cargo extension to the fixed versions: 1.35.14 or later for the 1.35 branch, 1.39.6 or later for the 1.39 branch, and 1.40.2 or later for the 1.40 branch. 2) If upgrading is not immediately feasible, implement web application firewall (WAF) rules to detect and block suspicious input patterns targeting the 'artist', 'album', and 'position' parameters on the Special:Drilldown page. 3) Conduct an audit of user privileges and restrict access to the Special:Drilldown page to trusted users only, minimizing exposure. 4) Educate users about the risks of clicking on untrusted links, especially those that could lead to the vulnerable page with crafted parameters. 5) Review and enhance Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of potential XSS attacks. 6) Monitor logs for unusual access patterns or error messages related to the Cargo extension and Special:Drilldown page. 7) Regularly scan MediaWiki instances with security tools to detect any residual or new vulnerabilities.