Description

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

Remediation

References

CVE-2024-23172

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2001-0829)

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5335)

Oracle JRE CVE-2013-5787 Vulnerability (CVE-2013-5787)

WordPress Plugin Convert Docx2post Arbitrary File Upload (1.4)

MySQL CVE-2022-21358 Vulnerability (CVE-2022-21358)

Severity

Medium

Classification

CVE-2024-23172 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities