First published: Thu Jun 29 2023
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | <=1.39.3 | |
The vulnerability ID of this issue is CVE-2023-37255.
The affected software is the CheckUser extension for MediaWiki through version 1.39.3.
The severity of CVE-2023-37255 is medium, with a CVSS score of 6.1.
The vulnerability allows HTML injection through the User-Agent HTTP request header in the Special:CheckUser page of the CheckUser extension for MediaWiki.
Upgrading to a version of MediaWiki that is not affected, such as a version after 1.39.3, will fix the vulnerability.
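The flaw class described above (a request header rendered into an HTML page without escaping) can be illustrated with a short added example; this is not CheckUser's code. It assumes web server logs in combined log format, and all function names and sample log lines are hypothetical and constructed. It flags logged User-Agent values that carry angle brackets and shows an unescaped table row beside an escaped one.

```python
import html
import re

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?:[^"\\]|\\.)*" \d{3} \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines (documentation IPs, benign markup), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jun/2023:10:00:00 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/114.0"',
    '198.51.100.7 - - [29/Jun/2023:10:00:05 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 512 "-" "Mozilla/5.0 <b>bold</b>"',
]

def parse_line(line):
    """Return (ip, user_agent), or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return (m.group("ip"), m.group("ua")) if m else None

def has_markup(user_agent):
    """Browser User-Agent strings do not normally contain angle brackets."""
    return "<" in user_agent or ">" in user_agent

def render_row_unsafe(ip, user_agent):
    # The flaw class: header text concatenated into HTML as-is.
    return "<tr><td>" + ip + "</td><td>" + user_agent + "</td></tr>"

def render_row_safe(ip, user_agent):
    # Escape at output time so the header is shown as text, never parsed as markup.
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(ip, quote=True), html.escape(user_agent, quote=True))

def suspicious_entries(lines):
    """Return [(ip, escaped_ua)] for entries whose User-Agent carries markup."""
    found = []
    for line in lines:
        parsed = parse_line(line)
        if parsed and has_markup(parsed[1]):
            found.append((parsed[0], html.escape(parsed[1], quote=True)))
    return found

if __name__ == "__main__":
    for ip, ua in suspicious_entries(SAMPLE_LOG):
        print(ip, ua)
```

Escaping in the renderer is the control that matters; the log check only helps review what was sent to a wiki before it was upgraded.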