Description

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.

Remediation

References

CVE-2023-37256

Related Vulnerabilities

Oracle Application Server CVE-2008-2614 Vulnerability (CVE-2008-2614)

WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)

WordPress Plugin Social Media Widget by Acurax Multiple Unspecified Vulnerabilities (3.2.3)

WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33332)

Severity

Medium

Classification

CVE-2023-37256 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities