CVE-2023-35938

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jun 29, 2023

Updated: Jul 10, 2023

CWE ID 281

Summary

CVE-2023-37255 is a vulnerability affecting the CheckUser extension in MediaWiki versions up to 1.39.3. This issue allows an attacker to inject HTML code through the User-Agent HTTP request header in the "get edits" type request in Special:CheckUser. An attacker could potentially manipulate the display or steal sensitive information from the interface. Users are advised to update their MediaWiki installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Enalean Tuleap

Affected Vendors

Enalean

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r0mMBJ
https://www.cve.org/CVERecord?id=CVE-2023-35938
https://nvd.nist.gov/vuln/detail/CVE-2023-35938

Back to Vulnerability Database