Description

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

Remediation

References

CVE-2024-23172

Related Vulnerabilities

qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3881)

WordPress Plugin WP Hardening-Fix Your WordPress Security Cross-Site Scripting (1.2.1)

WordPress Plugin GeoDirectory Location Manager Multiple SQL Injection Vulnerabilities (2.1.0.9)

WordPress Plugin Social Buttons Pack by BestWebSoft Cross-Site Scripting (1.1.0)

WordPress Plugin BookX Local File Inclusion (1.7)

Severity

Medium

Classification

CVE-2024-23172 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities