CVE-2023-45359 – Debian Security Advisory 5520-1

https://notcve.org/view.php?id=CVE-2023-45359

11 Oct 2023 — An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure. • https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c • CWE-116: Improper Encoding or Escaping of Output •