Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899)

WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Cross-Site Scripting (1.4.9.8.9)

WordPress Plugin Blog social sharing component Cross-Site Scripting (1.4.4)

Apache Tomcat Other Vulnerability (CVE-2005-2090)

Oracle JRE CVE-2013-5780 Vulnerability (CVE-2013-5780)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities