Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

Remediation

References

CVE-2023-45372

Related Vulnerabilities

WordPress Plugin Logo Carousel Cross-Site Scripting (1.7.1)

MySQL CVE-2019-2587 Vulnerability (CVE-2019-2587)

WordPress Plugin wpCentral Security Bypass (1.4.7)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Unspecified Vulnerability (4.10.2)

Severity

Medium

Classification

CVE-2023-45372 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities