Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)

Oracle JRE CVE-2023-22081 Vulnerability (CVE-2023-22081)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)

Squid Improper Input Validation Vulnerability (CVE-2016-2390)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities