CVE-2024-23172

MEDIUM5.4EPSS 0.62%

Published: 3/6/2024Modified: 4/3/2025

Description

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

Affected packages (1)

Bitnami/mediawikifrom 0, < 1.41.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

WEBhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-23172
WEBhttps://phabricator.wikimedia.org/T347708