Lucene search
HistoryJun 29, 2023 - 4:15 p.m.
CVE-2023-37254
vulnerability
xss
mediawiki
cargo extension
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.6%
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.
Affected configurations
Node
mediawikimediawikiRange≤1.39.3
References
Related
cve
cve
CVE-2023-37254
2023-06-29 16:15:10
cvelist
cvelist
CVE-2023-37254
2023-06-29 00:00:00
osv
osv
BIT-mediawiki-2023-37254
2024-03-06 11:00:49
CVE-2023-37254
2023-06-29 16:15:10
prion
prion
Format string
2023-06-29 16:15:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.6%
Related for NVD:CVE-2023-37254