Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

Remediation

References

CVE-2023-45360

Related Vulnerabilities

WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29210)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)

WordPress Plugin Google Forms Server-Side Request Forgery (0.91)

WordPress Plugin All-in-One WP Migration Security Bypass (7.14)

Severity

Medium

Classification

CVE-2023-45360 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities