PT-2023-8946 · Mediawiki+2 · Mediawiki Proofreadpage Extension+2

Soda · Published 2023-10-08 · Updated 2024-08-20 · CVE-2023-45373

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki ProofreadPage extension versions prior to 1.35.12
MediaWiki ProofreadPage extension versions 1.36.x through 1.39.x before 1.39.5
MediaWiki ProofreadPage extension versions 1.40.x before 1.40.1

Description

The ProofreadPage extension for MediaWiki does not protect the structure of the web page it generates. This can allow a remote attacker to perform cross-site scripting (XSS) attacks. The attack can occur via the formatNumNoSeparators function.

Recommendations

For MediaWiki ProofreadPage extension versions prior to 1.35.12, update to version 1.35.12 or later.
For MediaWiki ProofreadPage extension versions 1.36.x through 1.39.x, update to version 1.39.5 or later.
For MediaWiki ProofreadPage extension versions 1.40.x before 1.40.1, update to version 1.40.1 or later.
As a temporary workaround, consider disabling the formatNumNoSeparators function until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2023-6419
ALT-PU-2024-11168
ALT-PU-2024-1228
BDU:2024-02748
BIT-MEDIAWIKI-2023-45373
CVE-2023-45373

Affected Products

Alt Linux
Mediawiki Proofreadpage Extension
Red Os