CVE-2023-22911

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
Configurations

Configuration 1

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*

Information

Published : 2023-01-10 08:15

Updated : 2023-01-27 11:15


NVD link : CVE-2023-22911

Mitre link : CVE-2023-22911

Products Affected
No products.
CWE