Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

Remediation

References

CVE-2023-45372

Related Vulnerabilities

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.27)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8005)

WordPress Plugin SEO Tools 'file' Parameter Directory Traversal (3.1.7)

Drupal Other Vulnerability (CVE-2005-0682)

Oracle JRE CVE-2012-1724 Vulnerability (CVE-2012-1724)

Severity

Medium

Classification

CVE-2023-45372 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities