Cross-Site Scripting (XSS) Vulnerability in MediaWiki CheckUser Extension

Cross-Site Scripting (XSS) Vulnerability in MediaWiki CheckUser Extension

CVE-2024-23172 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

Learn more about our User Device Pen Test.