CVE-2023-45360

EUVD-2023-49653
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
mediawikimediawiki
𝑥
< 1.35.12
mediawikimediawiki
1.39.0 ≤
𝑥
< 1.39.5
mediawikimediawiki
1.40.0
mediawikimediawiki
1.40.0:rc0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mediawiki
bookworm
1:1.39.10-1~deb12u1
fixed
bookworm (security)
1:1.39.10-1~deb12u1
fixed
bullseye
1:1.35.13-1+deb11u2
fixed
bullseye (security)
1:1.35.13-1+deb11u3
fixed
buster
ignored
sid
1:1.39.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mediawiki
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://phabricator.wikimedia.org/T340221
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://phabricator.wikimedia.org/T340221