CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

Published: May 5, 2024
Updated: Jun 18, 2025
CVE: CVE-2024-34507
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mediawiki / mediawiki	1.41.0	1.41.1
mediawiki / mediawiki	-	1.39.7
mediawiki / mediawiki	1.40.0	1.40.3
fedoraproject / fedora	40	40.x

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://phabricator.wikimedia.org/T355538

Vulnerability Database

289,599

CVE-2024-34507