Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)

WordPress Plugin WP Fusion Lite-Marketing Automation for WordPress Multiple Vulnerabilities (3.37.18)

Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)

Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966)

WordPress Plugin YITH WooCommerce PDF Invoice and Shipping List Security Bypass (1.2.12)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities