CVE-2023-45359 Information

Nov 01, 2024 cve

Description

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped but should be because the line param can have markup.

Reference

https://phabricator.wikimedia.org/T340217 https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c

Share on: