CVE-2023-37255

Name of the Vulnerable Software and Affected Versions CheckUser extension for MediaWiki versions through 1.39.3

Description An issue in the CheckUser extension for MediaWiki allows HTML injection through the User-Agent HTTP request header in Special:CheckUser when performing a "get edits" type check.

Recommendations For CheckUser extension for MediaWiki versions through 1.39.3, consider disabling the "get edits" type check in Special:CheckUser until a patch is available to prevent HTML injection through the User-Agent HTTP request header.