CVE-2024-23179 is a cross-site scripting (XSS) vulnerability identified in the GlobalBlocking extension of MediaWiki, a widely used open-source wiki platform. The vulnerability specifically affects versions prior to 1.40.2 and is triggered when a specially crafted URI, such as Special:GlobalBlock?uselang=x-xss, is accessed. The root cause lies in the improper sanitization of the parentheses message used in subtitle links generated by the buildSubtitleLinks function. This flaw allows an attacker to inject malicious JavaScript code that executes in the context of the victim's browser when they visit the manipulated URL. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common vector for XSS attacks. The CVSS v3.1 base score is 6.1, indicating a medium severity level, with the vector string AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This means the attack can be performed remotely over the network with low attack complexity, requires no privileges but does require user interaction, and affects confidentiality and integrity with a scope change. Although no known exploits are currently reported in the wild, the vulnerability poses a risk of session hijacking, phishing, or other malicious activities that leverage script execution in users' browsers. The GlobalBlocking extension is used to manage global blocks across Wikimedia projects, so the vulnerability could impact Wikimedia Foundation sites and other MediaWiki deployments using this extension.

The primary impact of CVE-2024-23179 is the potential for attackers to execute arbitrary scripts in the browsers of users who visit a crafted Special:GlobalBlock URL with a malicious uselang parameter. This can lead to partial compromise of user confidentiality and integrity, such as theft of session tokens, manipulation of displayed content, or redirection to malicious sites. While the vulnerability does not affect system availability, the scope change means that the attack can affect users beyond the immediate context, potentially impacting multiple Wikimedia projects or other MediaWiki installations using the GlobalBlocking extension. Organizations relying on MediaWiki for collaboration, documentation, or knowledge management could face reputational damage, user trust erosion, and indirect operational impacts if attackers exploit this vulnerability to conduct phishing or social engineering attacks. Since no authentication is required, any visitor can be targeted, increasing the attack surface. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially given the public disclosure.

To mitigate CVE-2024-23179, organizations should upgrade the GlobalBlocking extension to version 1.40.2 or later, where the vulnerability has been addressed. If immediate patching is not feasible, administrators should consider disabling the GlobalBlocking extension temporarily or restricting access to the Special:GlobalBlock page to trusted users only. Implementing Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting script execution sources. Additionally, review and sanitize all user-controllable inputs related to internationalization parameters and subtitle links in custom MediaWiki extensions or configurations. Monitoring web server logs for suspicious requests to Special:GlobalBlock with unusual uselang parameters can help detect attempted exploitation. Educating users about the risks of clicking on suspicious links and encouraging the use of updated browsers with built-in XSS protections can further reduce risk.