Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

Remediation

References

CVE-2023-45360

Related Vulnerabilities

WordPress Plugin Templatic Tevolution Arbitrary File Upload (2.3.6)

WordPress Plugin Gift Certificate Creator Cross-Site Scripting (1.0.0)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.50)

PHP-Fusion Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1807)

Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)

Severity

Medium

Classification

CVE-2023-45360 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities