CVE-2023-37254: XSS
First published: Thu Jun 29 2023(Updated: )
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | <=1.39.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-37254.
What is the severity rating of CVE-2023-37254?
CVE-2023-37254 has a severity rating of medium (6.1).
How does the vulnerability CVE-2023-37254 occur?
CVE-2023-37254 occurs in the Cargo extension for MediaWiki through version 1.39.3 when using the default format in Special:CargoQuery via a crafted page item.
What is the affected software of CVE-2023-37254?
The affected software of CVE-2023-37254 is MediaWiki through version 1.39.3.
Is there a fix available for CVE-2023-37254?
Yes, a fix for CVE-2023-37254 is available. Please refer to the provided reference link for more information.
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mediawiki
- canonical/mediawiki mediawiki
- version/mediawiki mediawiki/1.39.3