Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ruur-4cvx-cqct
Vulnerability ID VCID-ruur-4cvx-cqct
Aliases CVE-2023-36675
Summary mediawiki: cross site scripting
Status Published
Exploitability 0.5
Weighted Severity 3.1
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
cvssv3 3.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2023-36675
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
ssvc Track https://phabricator.wikimedia.org/T332889
ssvc Track https://www.debian.org/security/2023/dsa-5447
ssvc Track https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json
https://api.first.org/data/v1/epss?cve=CVE-2023-36675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
1.40#Other_changes_in_1.40 https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40
2217428 https://bugzilla.redhat.com/show_bug.cgi?id=2217428
2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
T332889 https://phabricator.wikimedia.org/T332889
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/ Found at https://phabricator.wikimedia.org/T332889
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/ Found at https://www.debian.org/security/2023/dsa-5447
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/ Found at https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40
Exploit Prediction Scoring System (EPSS)
Percentile 0.66994
EPSS Score 0.00526
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:53:38.302205+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json 38.0.0