Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

WordPress Plugin Click to Chat Cross-Site Scripting (1.6)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-31551)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (1.9.18)

Jboss EAP Other Vulnerability (CVE-2023-3629)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities