CVE-2023-37302

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 30, 2023

Updated: Jul 7, 2023

CWE ID 79

Summary

CVE-2023-37302 is a cross-site scripting (XSS) vulnerability affecting SiteLinksView.php in Wikibase versions up to 1.39.3. An attacker can exploit this issue by crafting a malicious badge title attribute, which is then displayed without proper escaping. This vulnerability stems from insufficient escaping in wbTemplate, found in resources/wikibase/templates.js, regarding quotes within title attributes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mediawiki

Affected Vendors

Mediawiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r1RCzG
https://www.cve.org/CVERecord?id=CVE-2023-37302
https://nvd.nist.gov/vuln/detail/CVE-2023-37302

Back to Vulnerability Database