CVE-2024-23172

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-23172
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23172.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-23172
Aliases
Published
2024-01-12T05:15:10.187Z
Modified
2026-03-13T07:50:37.596043Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type
GIT
Repo
https://github.com/wikimedia/mediawiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7bb0aeb9dc77558628aece8e0827c8928f6e056c
Introduced
bc542ec6d8573dfb906b468901799e0017875f1e
Fixed
3406e1b7d014d22f2a68237ebf447a88b5ac74ed
Introduced
468dd69d6ee8e84b9ab26d0ee3d52f215faaf0d4
Fixed
b886c60c6af24561c805d1d7a2dd6cc0618a53c7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.35.14"
        },
        {
            "introduced": "1.36.0"
        },
        {
            "fixed": "1.39.6"
        },
        {
            "introduced": "1.40.0"
        },
        {
            "fixed": "1.40.2"
        }
    ]
}

Affected versions

1.*
1.40.0
1.40.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23172.json"