CVE-2023-22911

Vulnerability Description

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

Vulnerability Details

Published Date

January 10, 2023

Last Modified

April 07, 2025

Source

NVD

CVE-2023-22911

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment