Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

Remediation

References

CVE-2023-45360

Related Vulnerabilities

WordPress Plugin WP Taxonomy Import Cross-Site Scripting (1.0.4)

WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)

phpMyFAQ Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-4409)

Payara Files or Directories Accessible to External Parties Vulnerability (CVE-2022-45129)

Mailman Other Vulnerability (CVE-2006-1712)

Severity

Medium

Classification

CVE-2023-45360 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities