Description
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
Remediation
References