CVE-2023-45360 is a cross-site scripting (XSS) vulnerability identified in MediaWiki, an open-source wiki platform widely used for collaborative content management. The vulnerability affects versions before 1.35.12, all 1.36.x through 1.39.x versions before 1.39.5, and 1.40.x versions before 1.40.1. The issue arises from improper sanitization in the internationalization (i18n) messages youhavenewmessagesmanyusers and youhavenewmessages, specifically related to the MediaWiki:Youhavenewmessagesfromusers message. These messages are used to notify users about new messages from other users. An attacker with low privileges can craft malicious input that, when rendered in these i18n messages, results in execution of arbitrary JavaScript in the context of the victim’s browser. This XSS flaw can be exploited to steal session cookies, perform actions on behalf of the user, or redirect users to malicious sites. The vulnerability requires user interaction (e.g., viewing a crafted page or message) and low privileges, but no authentication bypass is needed. The CVSS v3.1 base score is 5.4, indicating a medium severity level. No public exploits have been reported yet, but the vulnerability’s presence in widely deployed MediaWiki versions makes it a relevant concern for organizations relying on this software for internal or public knowledge bases.

For European organizations, this vulnerability poses a risk primarily to confidentiality and integrity of user sessions and data within MediaWiki deployments. Attackers exploiting this XSS could hijack user sessions, steal credentials or sensitive information, and potentially escalate attacks within the network. Organizations using MediaWiki for internal documentation or public-facing knowledge bases may face reputational damage and data leakage. The impact is heightened in environments where MediaWiki is integrated with single sign-on or contains sensitive operational information. Although availability is not directly affected, the indirect consequences of compromised accounts or data integrity can disrupt business processes. Given the medium severity and the need for user interaction, targeted phishing or social engineering campaigns could increase the likelihood of exploitation in European contexts.

1. Upgrade MediaWiki installations to the latest patched versions: 1.35.12 or later, 1.39.5 or later, and 1.40.1 or later as applicable. 2. Audit and sanitize all custom i18n message translations, especially those related to user notifications, to ensure no unsafe HTML or JavaScript is included. 3. Implement Content Security Policy (CSP) headers to restrict script execution and reduce the impact of potential XSS attacks. 4. Educate users about the risks of clicking on untrusted links or messages within MediaWiki environments. 5. Monitor MediaWiki logs for unusual activity that could indicate exploitation attempts. 6. If upgrading immediately is not feasible, consider disabling or restricting the use of the affected i18n messages temporarily. 7. Regularly review and apply security advisories from the MediaWiki project to stay current on patches and mitigations.