CVE-2023-45360
MEDIUM5.4EPSS 0.39%Published: 11/3/2023Modified: 4/28/2026
Description
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Affected packages (2)
- Bitnami/mediawikifrom 0, < 1.35.12, >= 1.39.0, < 1.39.5, >= 1.40.0, < 1.40.1
- Debian/mediawikifrom 0, < 1:1.35.13-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References (5)
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-45360
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-45360
- WEBhttps://phabricator.wikimedia.org/T340221