Lucene search
HistoryJan 12, 2024 - 6:15 a.m.
CVE-2024-23178
cve-2024-23178
xss
vulnerability
phonos extension
mediawiki
nvd
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.2%
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
Affected configurations
Node
mediawikimediawikiRange<1.40.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| mediawiki:mediawiki | mediawiki | lt | 1.40.2 |
Related
osv
osv
BIT-mediawiki-2024-23178
2024-03-06 10:56:05
CVE-2024-23178
2024-01-12 06:15:47
nvd
nvd
CVE-2024-23178
2024-01-12 06:15:47
cvelist
cvelist
CVE-2024-23178
2024-01-12 00:00:00
prion
prion
Design/Logic Flaw
2024-01-12 06:15:00
redos
redos
ROS-20240409-11
2024-04-09 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.2%
Related for CVE-2024-23178