Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

Remediation

References

CVE-2023-45371

Related Vulnerabilities

WordPress Plugin Quick Paypal Payments Cross-Site Scripting (3.0)

Oracle Database Server CVE-2006-0265 Vulnerability (CVE-2006-0265)

WordPress Plugin PowerPack Lite for Beaver Builder Local File Inclusion (1.3.0.3)

Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)

Severity

High

Classification

CVE-2023-45371 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities