CVE-2023-22911

MEDIUM6.1EPSS 0.56%

Published: 3/6/2024Modified: 4/3/2025

Description

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

Affected packages (1)

Bitnami/mediawikifrom 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-22911
WEBhttps://phabricator.wikimedia.org/T149488