CVE-2023-22911

Description

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

Related CPE's

a mediawiki mediawiki ********

a mediawiki mediawiki ********

a mediawiki mediawiki 1.39.0 rc0 ******

a mediawiki mediawiki 1.39.0 rc1 ******

a mediawiki mediawiki 1.39.0 -******

References

https://phabricator.wikimedia.org/T149488

ExploitIssue TrackingPatchVendor Advisory

FEDORA-2023-30a7a812f0

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io