CVE-2023-22911

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-22911

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22911.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22911

Aliases

BIT-mediawiki-2023-22911

Downstream

UBUNTU-CVE-2023-22911

Published

2023-01-10T08:15:10.433Z

Modified

2026-02-13T02:36:53.486520Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a804b4950cd62bfbd1991471308e27793ab2a27

Introduced

bc542ec6d8573dfb906b468901799e0017875f1e

Fixed

1b1d48cd6fa6d7aed8f8c3fc3e729ba0078152e7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22911.json"