Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

Remediation

References

CVE-2023-45360

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.7)

OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)

MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26149)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)

Severity

Medium

Classification

CVE-2023-45360 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities