Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

WordPress Plugin All Post Contact Form Arbitrary File Upload (1.1.4)

WordPress Plugin Leaky Paywall PHP Object Injection (4.9.1)

Plone CMS CVE-2017-1000483 Vulnerability (CVE-2017-1000483)

WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22)

WordPress Plugin Easy Updates Manager Privilege Escalation (8.0.4)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities