Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

Remediation

References

CVE-2023-45360

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3472)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11586)

Joomla Other Vulnerability (CVE-2006-1030)

WordPress Plugin 360 Product Viewer Cross-Site Scripting (2.5.1)

WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5)

Severity

Medium

Classification

CVE-2023-45360 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities