Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0)

WordPress Plugin LiveChat-WP live chat Cross-Site Scripting (3.7.3)

WebLogic CVE-2020-14825 Vulnerability (CVE-2020-14825)

Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4545)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities