Lucene search

GoogleOSV:CVE-2023-45373

HistoryOct 09, 2023 - 6:15 a.m.

CVE-2023-45373

2023-10-0906:15:10

Google

osv.dev

cve-2023-45373

mediawiki

xss

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

CPENameOperatorVersion
mediawikieq1.6.0
mediawikieq1.35.8
mediawikieq1.35.3
mediawikieq1.35.4
mediawikieq1.35.5
mediawikieq1.5.0beta1
mediawikieq1.35.1
mediawikieq1.5.0beta4
mediawikieq1.5.0alpha2
mediawikieq1.3.0beta1

Name	Operator	Version
mediawiki	eq	1.6.0
mediawiki	eq	1.35.8
mediawiki	eq	1.35.3
mediawiki	eq	1.35.4
mediawiki	eq	1.35.5
mediawiki	eq	1.5.0beta1
mediawiki	eq	1.35.1
mediawiki	eq	1.5.0beta4
mediawiki	eq	1.5.0alpha2
mediawiki	eq	1.3.0beta1

Rows per page:

1-10 of 251

References

gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262

phabricator.wikimedia.org/T345693

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:CVE-2023-45373