CVE-2024-34507 is a cross-site scripting (XSS) vulnerability identified in the CommentParser.php file within MediaWiki versions before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. The root cause is the improper handling of the ASCII escape character 0x1b within user comments or inputs processed by the CommentFormatter component. This mishandling allows attackers to inject malicious JavaScript code that executes in the context of the victim's browser when they visit affected pages, such as Special:RecentChanges with crafted parameters. The vulnerability does not require authentication but does require user interaction to trigger the malicious payload. The CVSS v3.1 base score is 7.4, reflecting a network attack vector with low attack complexity, no privileges required, but requiring user interaction, and a scope change due to the potential for cross-origin data access. The primary impact is on confidentiality, as attackers can steal session cookies or other sensitive information, but integrity and availability are not directly affected. No public exploit code is currently known, but the vulnerability is critical enough to warrant immediate attention given MediaWiki's widespread use in government, education, and enterprise environments. The vulnerability is classified under CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page).

For European organizations, the impact of CVE-2024-34507 can be significant due to the widespread use of MediaWiki in public administration, academic institutions, and collaborative projects. Successful exploitation can lead to theft of user credentials, session hijacking, and unauthorized actions performed under the victim's identity, potentially exposing sensitive internal information. This could result in data breaches, loss of trust, and compliance violations under GDPR. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure users into triggering the exploit. The confidentiality breach risk is high, especially for organizations that use MediaWiki for internal documentation or knowledge sharing. However, the lack of impact on integrity and availability means that the core system functionality remains intact, reducing the risk of service disruption. Nonetheless, the potential for lateral movement and further exploitation following credential theft increases the overall threat level.

European organizations should immediately upgrade MediaWiki installations to versions 1.39.7, 1.40.3, or 1.41.1 or later, where the vulnerability is patched. If immediate upgrading is not feasible, implement strict input validation and sanitization on user-generated content, specifically filtering or encoding the 0x1b character and other control characters that can be used for injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Educate users about the risks of clicking suspicious links, especially those containing unusual characters or parameters. Monitor web server logs and application behavior for unusual requests targeting Special:RecentChanges or other comment-related pages. Additionally, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block payloads containing the escape character sequences. Regularly review and audit MediaWiki extensions and customizations for similar input handling issues. Finally, ensure incident response plans include procedures for XSS attack detection and mitigation.