CVE-2023-45373

MEDIUM6.1EPSS 0.31%

Published: 3/6/2024Modified: 4/3/2025

Description

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

Affected packages (1)

Bitnami/mediawikifrom 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

WEBhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-45373
WEBhttps://phabricator.wikimedia.org/T345693