Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

Remediation

References

CVE-2023-45360

Related Vulnerabilities

MySQL CVE-2021-35608 Vulnerability (CVE-2021-35608)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.0.93)

WordPress Plugin Comment System for WordPress & Ajax Comments-Comment Press Cross-Frame Scripting (2.7.0)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7471)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)

Severity

Medium

Classification

CVE-2023-45360 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities