Search for vulnerabilities
Vulnerability details: VCID-9ejm-72ax-skgw
Vulnerability ID VCID-9ejm-72ax-skgw
Aliases CVE-2023-45360
Summary An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Status Published
Exploitability 0.5
Weighted Severity 4.9
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
cvssv3.1 5.4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2023-45360
cvssv3.1 5.4 https://phabricator.wikimedia.org/T340221
ssvc Track https://phabricator.wikimedia.org/T340221
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json
https://api.first.org/data/v1/epss?cve=CVE-2023-45360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
2247803 https://bugzilla.redhat.com/show_bug.cgi?id=2247803
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*
CVE-2023-45360 https://nvd.nist.gov/vuln/detail/CVE-2023-45360
FU2FGUXXK6TMV6R52VRECLC6XCSQQISY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
T340221 https://phabricator.wikimedia.org/T340221
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45360
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://phabricator.wikimedia.org/T340221
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/ Found at https://phabricator.wikimedia.org/T340221
Exploit Prediction Scoring System (EPSS)
Percentile 0.58358
EPSS Score 0.00375
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:35:03.602892+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/45xxx/CVE-2023-45360.json 37.0.0