CVE-2023-36675Cross-site Scripting in Mediawiki

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 32.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedJun 26

Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1:1.39.4-1~deb12u1 (bookworm)
NVDmediawiki/mediawiki1.36.01.38.7+2
Debianmediawiki/mediawiki< 1:1.35.11-1~deb11u1+3

🔴Vulnerability Details

2
OSV
CVE-2023-36675: An issue was discovered in MediaWiki before 12023-06-26
GHSA
GHSA-q7gg-775p-p35h: An issue was discovered in MediaWiki before 12023-06-26

📋Vendor Advisories

2
Red Hat
mediawiki: cross site scripting2023-06-26
Debian
CVE-2023-36675: mediawiki - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x befor...2023
CVE-2023-36675 — Cross-site Scripting in Mediawiki | cvebase