CVE-2023-45360: 
NixOS vulnerability analysis and mitigation

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. The vulnerability involves Cross-Site Scripting (XSS) in youhavenewmessagesmanyusers and youhavenewmessages i18n messages, specifically related to MediaWiki:Youhavenewmessagesfromusers (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed, with low impacts on confidentiality and integrity, but no impact on availability (NVD).

The vulnerability allows for Cross-Site Scripting attacks through the internationalization (i18n) messages system, potentially enabling attackers to execute malicious scripts in the context of other users' browsers. This could lead to theft of sensitive information or unauthorized actions performed on behalf of other users (NVD).

Users should upgrade to MediaWiki version 1.35.12 or later, 1.39.5 or later for the 1.39.x series, or 1.40.1 or later for the 1.40.x series. These versions contain the necessary security fixes to address the vulnerability (NVD).