CVE-2023-45360

State: PUBLISHED · Published: 2023-11-03 · Updated: 2025-11-04 · Assigner: mitre

Description

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

n/a / n/a — v=n/a [affected]

CVSS

(none)

References

https://phabricator.wikimedia.org/T340221
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/ vendor-advisory

Source

cvelistV5-main/cves/2023/45xxx/CVE-2023-45360.json