Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4231)

WordPress Plugin WordPress Connect Cross-Site Scripting (2.0.3)

WordPress Plugin Advanced Post Type Ratings Cross-Site Scripting (1.01)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19048)

WordPress Plugin WP Htaccess Editor Unspecified Vulnerability (1.0.1)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities