CVE-2014-9276
Description
Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.
Risk Information
Base Score
7.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
EPSS Score
Exploitation Probability
0.114
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update mediawiki 1.23.6 to latest version | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234