CVE-2023-22911
Description
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
Related CPE's
References
ExploitIssue TrackingPatchVendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics