CVE-2024-47847: 
PHP vulnerability analysis and mitigation

CVE-2024-47847 is a Cross-site Scripting (XSS) vulnerability discovered in The Wikimedia Foundation MediaWiki - Cargo extension. The vulnerability affects versions from 3.6.X before 3.6.1, stemming from improper neutralization of input during web page generation (NVD, CVE).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 6.1 MEDIUM. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

The vulnerability could allow attackers to execute cross-site scripting attacks, potentially leading to unauthorized access to sensitive information and manipulation of web content. The impact is characterized by low confidentiality and integrity breaches, with no direct impact on system availability (NVD).

Users are advised to upgrade to Cargo version 3.6.1 or later, which contains patches for this vulnerability. Multiple patches have been developed and are available through the Wikimedia Gerrit system (Gerrit Patch 1063804, Gerrit Patch 1063806).