CVE-2024-23172
MEDIUMMediaWiki CheckUser Extension XSS via Message Definitions
Title source: llmDescription
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.
References (2)
Core 2
Core References
Patch, Vendor Advisory
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179
Exploit, Vendor Advisory
https://phabricator.wikimedia.org/T347708
Scores
CVSS v3
5.4
EPSS
0.0062
EPSS Percentile
70.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
mediawiki/mediawiki
< 1.35.14
Published
Jan 12, 2024
Tracked Since
Feb 18, 2026