CVE-2024-23174: 
NixOS vulnerability analysis and mitigation

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The vulnerability affects multiple message parameters including rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, and several others related to date range filtering and button messages (NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability could allow attackers to execute cross-site scripting attacks through various message parameters in the PageTriage extension, potentially leading to unauthorized access to sensitive information or manipulation of web content (NVD).

Users are advised to upgrade to MediaWiki versions 1.35.14, 1.39.6, or 1.40.2 or later, depending on their current version track. These versions contain the necessary security fixes to address the vulnerability (NVD).