Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Remediation

References

CVE-2023-36675

Related Vulnerabilities

WordPress Plugin Gutenberg Template Library & Redux Framework Multiple Cross-Site Scripting Vulnerabilities (3.6.0.2)

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3192)

Vanilla Forums CVE-2013-3528 Vulnerability (CVE-2013-3528)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.33)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14830)

Severity

Medium

Classification

CVE-2023-36675 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities