Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie

Type deb

Namespace debian

Name mediawiki

Version 1:1.39.5-1~deb12u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:1.39.5-1

Latest_non_vulnerable_version 1:1.43.8+dfsg-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2xja-2whv-fqe4

vulnerability_id VCID-2xja-2whv-fqe4

summary mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45362

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60186
published_at	2026-04-02T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60211
published_at	2026-04-04T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6018
published_at	2026-04-07T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6023
published_at	2026-04-08T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60244
published_at	2026-04-09T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60265
published_at	2026-04-11T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60251
published_at	2026-04-12T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60234
published_at	2026-04-13T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60273
published_at	2026-04-16T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60281
published_at	2026-04-18T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60267
published_at	2026-04-21T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60239
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247805
reference_id	2247805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247805

fixed_packages

url	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-45362

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xja-2whv-fqe4

url VCID-c7bg-91ab-33b4

vulnerability_id VCID-c7bg-91ab-33b4

summary An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45364

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.304
published_at	2026-04-24T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30579
published_at	2026-04-21T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30735
published_at	2026-04-02T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30784
published_at	2026-04-04T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.306
published_at	2026-04-07T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30657
published_at	2026-04-08T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.3069
published_at	2026-04-09T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30694
published_at	2026-04-11T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.3065
published_at	2026-04-12T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30605
published_at	2026-04-13T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30631
published_at	2026-04-16T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30613
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45364

reference_url

https://phabricator.wikimedia.org/T264765

reference_id

T264765

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:46Z/

url

https://phabricator.wikimedia.org/T264765

fixed_packages

url	pkg:deb/debian/mediawiki@0?distro=trixie
purl	pkg:deb/debian/mediawiki@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-45364

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7bg-91ab-33b4

url VCID-ea7c-xk4h-13fs

vulnerability_id VCID-ea7c-xk4h-13fs

summary mediawiki: stored XSS leads to privilege escalation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3550

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.4022
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39954
published_at	2026-04-24T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40245
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40167
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40231
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40244
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40205
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40187
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40235
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40127
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2240807
reference_id	2240807
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2240807

reference_url

https://fluidattacks.com/advisories/blondie/

reference_id

blondie

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://fluidattacks.com/advisories/blondie/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://www.mediawiki.org/wiki/MediaWiki/

reference_id

MediaWiki

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://www.mediawiki.org/wiki/MediaWiki/

fixed_packages

url	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-3550

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea7c-xk4h-13fs

url VCID-jm7q-2w3j-buhh

vulnerability_id VCID-jm7q-2w3j-buhh

summary

MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_id

reference_type

scores

value	0.11025
scoring_system	epss
scoring_elements	0.93415
published_at	2026-04-07T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93467
published_at	2026-04-24T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93464
published_at	2026-04-21T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93424
published_at	2026-04-08T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93427
published_at	2026-04-09T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93432
published_at	2026-04-12T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93433
published_at	2026-04-13T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93452
published_at	2026-04-16T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93458
published_at	2026-04-18T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93407
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_url

https://phabricator.wikimedia.org/T333050

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://phabricator.wikimedia.org/T333050

reference_url

https://www.debian.org/security/2023/dsa-5520

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://www.debian.org/security/2023/dsa-5520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_id

CVE-2023-45363

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

reference_id

GHSA-w5fx-cx7f-6vr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

fixed_packages

url	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh

url VCID-pp1z-ybpu-xbby

vulnerability_id VCID-pp1z-ybpu-xbby

summary An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45361

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40448
published_at	2026-04-24T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40658
published_at	2026-04-16T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40627
published_at	2026-04-18T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.4055
published_at	2026-04-21T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.4064
published_at	2026-04-08T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40668
published_at	2026-04-04T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40589
published_at	2026-04-07T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40649
published_at	2026-04-09T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40667
published_at	2026-04-11T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.4063
published_at	2026-04-12T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40611
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45361

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c

reference_id

2a452b7e2562cba32b8a17bc91dc5abb531f0a1c

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:03Z/

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c

reference_url

https://phabricator.wikimedia.org/T340220

reference_id

T340220

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:03Z/

url

https://phabricator.wikimedia.org/T340220

fixed_packages

url	pkg:deb/debian/mediawiki@0?distro=trixie
purl	pkg:deb/debian/mediawiki@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-45361

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pp1z-ybpu-xbby

url VCID-rn3q-78tk-w3am

vulnerability_id VCID-rn3q-78tk-w3am

summary An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45359

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.44659
published_at	2026-04-24T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44817
published_at	2026-04-16T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.4481
published_at	2026-04-18T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.4474
published_at	2026-04-21T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44761
published_at	2026-04-12T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44782
published_at	2026-04-04T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.4472
published_at	2026-04-07T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44774
published_at	2026-04-08T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44776
published_at	2026-04-09T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44793
published_at	2026-04-11T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44763
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45359

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c

reference_id

c17b956e0750e051ac7c1098e3ff625f0db82b2c

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T21:38:11Z/

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c

reference_url

https://phabricator.wikimedia.org/T340217

reference_id

T340217

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T21:38:11Z/

url

https://phabricator.wikimedia.org/T340217

fixed_packages

url	pkg:deb/debian/mediawiki@0?distro=trixie
purl	pkg:deb/debian/mediawiki@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-45359

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn3q-78tk-w3am

url VCID-zj5a-p9u4-ducw

vulnerability_id VCID-zj5a-p9u4-ducw

summary mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45360

reference_id

reference_type

scores

value	0.00393
scoring_system	epss
scoring_elements	0.6029
published_at	2026-04-24T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-16T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.6033
published_at	2026-04-18T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60318
published_at	2026-04-21T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60236
published_at	2026-04-02T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60262
published_at	2026-04-04T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60229
published_at	2026-04-07T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60279
published_at	2026-04-08T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60294
published_at	2026-04-09T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60314
published_at	2026-04-11T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60301
published_at	2026-04-12T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60283
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247803
reference_id	2247803
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247803

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://phabricator.wikimedia.org/T340221

reference_id

T340221

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/

url

https://phabricator.wikimedia.org/T340221

fixed_packages

url	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

aliases CVE-2023-45360

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5a-p9u4-ducw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie

Package Instance