CVE-2023-45360

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.35.12 MediaWiki versions 1.36.x through 1.39.x before 1.39.5 MediaWiki versions 1.40.x before 1.40.1

Description The issue is related to cross-site scripting (XSS) in the youhavenewmessagesmanyusers and youhavenewmessages i18n messages, which is connected to the MediaWiki:Youhavenewmessagesfromusers message. This is due to improper neutralization of input during web page creation, allowing a remote attacker to perform cross-site scripting attacks.

Recommendations For MediaWiki versions prior to 1.35.12, update to version 1.35.12 or later. For MediaWiki versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For MediaWiki versions 1.40.x before 1.40.1, update to version 1.40.1 or later. As a temporary workaround, consider restricting access to the youhavenewmessagesmanyusers and youhavenewmessages i18n messages until a patch is available.