Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21729)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30537)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4752)

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

WordPress Plugin WordPress Custom Global Variable Unspecified Vulnerability (3.0.0)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities