Description

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

Remediation

References

CVE-2024-23172

Related Vulnerabilities

FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)

SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1202)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2250)

WordPress Plugin CM Pop-Up banners for WordPress Cross-Site Scripting (1.4.10)

PostgreSQL Out-of-bounds Read Vulnerability (CVE-2019-10209)

Severity

Medium

Classification

CVE-2024-23172 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities