Home > Vulnerability Database > CVE-2023-36675

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-36675

Date: June 25, 2023

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Language: PHP

Severity Score

6.1

Related Resources (12)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

Url: https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-36675

Url: https://phabricator.wikimedia.org/T332889

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

Url: https://security-tracker.debian.org/tracker/CVE-2023-36675

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

Url: https://www.debian.org/security/2023/dsa-5447

Url: https://www.mend.io/vulnerability-database/CVE-2023-36675

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us