CVE-2023-51704

2023-12-2202:15:42

Debian Security Bug Tracker

security-tracker.debian.org

mediawiki

xss

rightslogformatter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

OSVersionArchitecturePackageVersionFilename
Debian12allmediawiki< 1:1.39.7-1~deb12u1mediawiki_1:1.39.7-1~deb12u1_all.deb
Debian11allmediawiki< 1:1.35.13-1+deb11u3mediawiki_1:1.35.13-1+deb11u3_all.deb
Debian999allmediawiki< 1:1.39.6-1mediawiki_1:1.39.6-1_all.deb
Debian13allmediawiki< 1:1.39.6-1mediawiki_1:1.39.6-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mediawiki	< 1:1.39.7-1~deb12u1	mediawiki_1:1.39.7-1~deb12u1_all.deb
Debian	11	all	mediawiki	< 1:1.35.13-1+deb11u3	mediawiki_1:1.35.13-1+deb11u3_all.deb
Debian	999	all	mediawiki	< 1:1.39.6-1	mediawiki_1:1.39.6-1_all.deb
Debian	13	all	mediawiki	< 1:1.39.6-1	mediawiki_1:1.39.6-1_all.deb