Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

PHP Other Vulnerability (CVE-2005-3391)

WebLogic CVE-2021-2109 Vulnerability (CVE-2021-2109)

phpMyFAQ 7PK - Security Features Vulnerability (CVE-2014-6050)

phpMyFAQ Other Vulnerability (CVE-2005-3049)

MySQL CVE-2015-4807 Vulnerability (CVE-2015-4807)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities