CVE-2023-45359

Improper Encoding or Escaping of Output (CWE-116)

Published: Oct 9, 2024 / Updated: 41d ago

CVSS 6.5 / EPSS 0.04% / Medium

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2023-45359.

Oct 10, 2023 at 8:45 PM / www.pro-linux.de

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 9, 2024 at 6:06 AM

CVE Assignment

NVD published the first details for CVE-2023-45359

Oct 9, 2024 at 6:15 AM

CVSS

A CVSS base score of 6.5 has been assigned.

Oct 9, 2024 at 10:40 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 10, 2024 at 12:55 PM

Affected Systems

Mediawiki/mediawiki

Attack Patterns

CAPEC-104: Cross Zone Scripting

News

cveNotify: 🚨 CVE-2023-45359 An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. 🎖@cveNotify
NA - CVE-2023-45359 - An issue was discovered in the Vector Skin...
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can...
CVE-2023-45359
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have...
CVE-2023-45359 | Vector Skin up to 1.39.4/1.40.0 on MediaWiki Vector-toc-toggle-button-label escape output
A vulnerability was found in Vector Skin up to 1.39.4/1.40.0 on MediaWiki. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument Vector-toc-toggle-button-label leads to escaping of output. This vulnerability is traded as CVE-2023-45359. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability Impact: None
