CVE-2023-22911

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22911

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22911.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22911

Aliases

BIT-mediawiki-2023-22911

Related

UBUNTU-CVE-2023-22911

Published

2023-01-10T08:15:10Z

Modified

2025-04-07T20:50:31.447603Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a804b4950cd62bfbd1991471308e27793ab2a27

Affected versions

1.*

1.1.0

1.3.0beta1

1.35.0

1.35.0-rc.0

1.35.0-rc.1

1.35.0-rc.2

1.35.0-rc.3

1.35.1

1.35.2

1.35.3

1.35.4

1.35.5

1.35.6

1.35.7

1.35.8

1.5.0alpha1

1.5.0alpha2

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.6.0