Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5832)

WebLogic CVE-2022-21259 Vulnerability (CVE-2022-21259)

Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)

WebLogic CVE-2021-2376 Vulnerability (CVE-2021-2376)

WordPress Plugin UltimateWoo-The Ultimate WooCommerce with Unlimited Usage PHP Object Injection (0.1.10)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities