CVE-2024-23172 Information

Description

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14 1.36.x through 1.39.x before 1.39.6 and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g. in SpecialCheckUserLog.

Reference

https://phabricator.wikimedia.org/T347708 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179