Description

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

Remediation

References

CVE-2024-23172

Related Vulnerabilities

PHP version older than 4.4.1

MySQL CVE-2020-14799 Vulnerability (CVE-2020-14799)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2718)

XWiki Inadequate Encryption Strength Vulnerability (CVE-2022-29161)

Moodle Other Vulnerability (CVE-2004-2233)

Severity

Medium

Classification

CVE-2024-23172 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities