Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-51704

Опубликовано: 22 дек. 2023
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights.

A flaw was found in the Special:log/rights page in MediaWiki. Messages related to group memberships (group--member) within includes/logging/RightsLogFormatter.php are susceptible to cross-site scripting (XSS) attacks due to inadequate escape handling. This issue could enable an attacker to execute malicious scripts within the affected page, posing a risk of unauthorized code execution or other malicious activities.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11mediawikiOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-80
https://bugzilla.redhat.com/show_bug.cgi?id=2255582mediawiki: group-.*-member messages are not properly escaped on Special:log/rights

EPSS

Процентиль: 55%
0.00331
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-51704

CVSS3: 6.1
ubuntu
около 2 лет назад

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

nvd логотип

CVE-2023-51704

CVSS3: 6.1
nvd
около 2 лет назад

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

debian логотип

CVE-2023-51704

CVSS3: 6.1
debian
около 2 лет назад

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...

github логотип

GHSA-pmh9-hwq5-vvpj

CVSS3: 6.1
github
около 2 лет назад

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

fstec логотип

BDU:2024-02778

CVSS3: 6.1
fstec
около 2 лет назад

Уязвимость файла include/logging/RightsLogFormatter.php программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

EPSS

Процентиль: 55%
0.00331
Низкий

6.3 Medium

CVSS3