XML Namespace Validation Bypass in Mediawiki v1.40.0

XML Namespace Validation Bypass in Mediawiki v1.40.0

CVE-2023-3550 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

Learn more about our User Device Pen Test.