Headline
CVE-2023-45360: i18n XSS in "you have new messages" message
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Risk Rating
Medium
Author Affiliation
WMF Technology Dept
- Task Graph
- Mentions
Event Timeline
Restricted Application added a subscriber: Aklapper.
Mstyles changed Risk Rating from N/A to High.
Mstyles added a parent task: Restricted Task.
Reedy renamed this task from i18n XSS in “you have new messages” message to CVE-2023-45360: i18n XSS in “you have new messages” message.
sbassett triaged this task as Medium priority.
sbassett changed Author Affiliation from N/A to WMF Technology Dept.
sbassett changed the visibility from “Custom Policy” to "Public (No Login Required)".
sbassett changed Risk Rating from High to Medium.