{"id":"CVE-2023-36675","details":"An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.","aliases":["BIT-mediawiki-2023-36675"],"modified":"2026-04-10T05:00:20.493026Z","published":"2023-06-26T01:15:09.203Z","related":["MGASA-2023-0241"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5447"},{"type":"ADVISORY","url":"https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"},{"type":"REPORT","url":"https://phabricator.wikimedia.org/T332889"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"0"},{"fixed":"b8d14e9d292f1199b959b9ce26d99f72bf935406"},{"introduced":"bc542ec6d8573dfb906b468901799e0017875f1e"},{"fixed":"059c8e1b9a315c36ae827f929ea9a077acbba2eb"},{"introduced":"c95fc4786beba034fa643062b98a60ccbde831fd"},{"fixed":"c4075dfdbcb51df3c922aef582cf5b4091759595"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.35.11"},{"introduced":"1.36.0"},{"fixed":"1.38.7"},{"introduced":"1.39.0"},{"fixed":"1.39.4"}]}}],"versions":["1.1.0","1.3.0beta1","1.35.0","1.35.0-rc.0","1.35.0-rc.1","1.35.0-rc.2","1.35.0-rc.3","1.35.1","1.35.10","1.35.2","1.35.3","1.35.4","1.35.5","1.35.6","1.35.7","1.35.8","1.35.9","1.38.0","1.38.0-rc.0","1.38.0-rc.1","1.38.1","1.38.2","1.38.3","1.38.4","1.38.5","1.38.6","1.39.0","1.39.1","1.39.2","1.39.3","1.5.0alpha1","1.5.0alpha2","1.5.0beta1","1.5.0beta2","1.5.0beta3","1.5.0beta4","1.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36675.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}