CVE-2023-36675

CVSS v3.1 6.1 (Medium)

EPSS 0.12 % (48^th)

Affected Products 1

Advisories 5

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2023-06-26 01:15:09
(14 months ago)
Updated Date: 2023-11-07 04:16:42
(10 months ago)

Affected Products

Mediawiki

Mediawiki

Configuration #1

	CPE23	From	Up To
Mediawiki prior 1.35.11 version	cpe:2.3:a:mediawiki:mediawiki		< 1.35.11
Mediawiki from 1.36.0 version and prior 1.38.7 version	cpe:2.3:a:mediawiki:mediawiki	>= 1.36.0	< 1.38.7
Mediawiki from 1.39.0 version and prior 1.39.4 version	cpe:2.3:a:mediawiki:mediawiki	>= 1.39.0	< 1.39.4