CVE-2023-37255 Information

Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser a check of the \get edits\ type is vulnerable to HTML injection through the User-Agent HTTP request header.

Reference

https://phabricator.wikimedia.org/T333569