CVE-2023-45359: Improper Encoding or Escaping of Output in MediaWiki

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 55.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 9

Description

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5

Affected Packages (2 packages)

debian: debian/mediawiki < mediawiki 1:1.39.5-1~deb12u1 (bookworm)
Debian: mediawiki/mediawiki < 1:1.39.5-1~deb12u1+2

🔴 Vulnerability Details (2)

GHSA: GHSA-8w2v-m598-22q3: An issue was discovered in the Vector Skin component for MediaWiki before 1... (2024-10-09)
OSV: CVE-2023-45359: An issue was discovered in the Vector Skin component for MediaWiki before 1... (2024-10-09)

📋 Vendor Advisories (1)

Debian: CVE-2023-45359: mediawiki - An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5... (2023)