Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

WordPress Plugin Gallery-Photo Albums-Portfolio Cross-Site Scripting (1.2.25)

Drupal Core 7.x Remote Code Execution (7.0 - 7.73)

WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.7)

WordPress Plugin Simple Flash Video Cross-Site Scripting (1.7)

WordPress Plugin Pctags-Pinterest conversion tags for Pinterest Ads (advertising) + Event tracking + Site verification + WooCommerce Security Bypass (1.0.1)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities