CVE-2023-36675
MEDIUM 6.1 | EPSS 0.53% | Published: 6/26/2023 | Modified: 4/28/2026
Description
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
Affected packages (2)
- Bitnami/mediawiki: from 0, < 1.35.11; >= 1.36.0, < 1.38.7; >= 1.39.0, < 1.39.4
- Debian/mediawiki: from 0, < 1:1.35.11-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (8)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2023-36675
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2023-36675
- WEB: https://phabricator.wikimedia.org/T332889
- WEB: https://www.debian.org/security/2023/dsa-5447
- WEB: https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40