Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

WordPress Plugin Email Encoder-Protect Email Addresses Cross-Site Scripting (2.1.1)

Ruby Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-1004)

Oracle Database Server CVE-2015-2655 Vulnerability (CVE-2015-2655)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0145)

WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities