CVE-2023-51704

Published: Dic 22, 2023 Last Modified: Nov 04, 2025

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0033

Percentile

0,6th

Updated

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Mediawiki by Mediawiki

Product Information

Vendor Mediawiki

Product Mediawiki

Version Range Affected

From 1.40.0 (inclusive)

To 1.40.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Mediawiki by Mediawiki

Product Information

Vendor Mediawiki

Product Mediawiki

Version Range Affected

To 1.35.14 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Mediawiki by Mediawiki

Product Information

Vendor Mediawiki

Product Mediawiki

Version Range Affected

From 1.36.0 (inclusive)

To 1.39.6 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://lists.debian.org/debian-lts-announce/2024/04/msg000…

https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html

https://lists.debian.org/debian-lts-announce/2024/09/msg000…

https://lists.debian.org/debian-lts-announce/2024/09/msg00039.html

https://lists.fedoraproject.org/archives/list/package-annou…

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…

https://lists.fedoraproject.org/archives/list/package-annou…

https://lists.fedoraproject.org/archives/list/[email protected]…

https://phabricator.wikimedia.org/T347726

https://lists.debian.org/debian-lts-announce/2024/04/msg000…

https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html

https://lists.fedoraproject.org/archives/list/package-annou…

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…

https://phabricator.wikimedia.org/T347726

CVE-2023-51704

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Mediawiki by Mediawiki

Product Information

Mediawiki by Mediawiki

Product Information

Mediawiki by Mediawiki

Product Information

Iscriviti alla newsletter