CVE-2023-37255

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-37255

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37255.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-37255

Aliases

BIT-mediawiki-2023-37255

Published

2023-06-29T00:00:00Z

Modified

2026-05-15T04:07:03.026257837Z

Summary

[none]

Details

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "1.39.3"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37255.json",
    "cna_assigner": "mitre"
}

References

CVE-2023-37255

Affected packages