Cross-Site Scripting (XSS) Vulnerability in MediaWiki BlockLogFormatter

Cross-Site Scripting (XSS) Vulnerability in MediaWiki BlockLogFormatter

CVE-2023-36675 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Learn more about our Web Application Penetration Testing UK.