Filtered by vendor Mediawiki Subscriptions
Filtered by product Mediawiki Subscriptions
Total 366 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29904 1 Mediawiki 1 Mediawiki 2024-08-03 9.8 Critical
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
CVE-2022-29905 1 Mediawiki 1 Mediawiki 2024-08-03 4.3 Medium
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.
CVE-2022-28323 1 Mediawiki 1 Mediawiki 2024-08-03 7.5 High
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
CVE-2022-28203 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-08-03 7.5 High
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
CVE-2022-28205 1 Mediawiki 1 Mediawiki 2024-08-03 9.8 Critical
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
CVE-2022-28206 1 Mediawiki 1 Mediawiki 2024-08-03 9.8 Critical
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
CVE-2022-28201 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-08-03 4.4 Medium
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
CVE-2022-28204 1 Mediawiki 1 Mediawiki 2024-08-03 7.5 High
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
CVE-2022-28202 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-08-03 6.1 Medium
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVE-2022-28209 1 Mediawiki 1 Mediawiki 2024-08-03 9.8 Critical
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
CVE-2023-45362 1 Mediawiki 1 Mediawiki 2024-08-02 4.3 Medium
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
CVE-2023-45360 1 Mediawiki 1 Mediawiki 2024-08-02 5.4 Medium
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
CVE-2023-37304 1 Mediawiki 1 Mediawiki 2024-08-02 5.4 Medium
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.
CVE-2023-37305 1 Mediawiki 1 Mediawiki 2024-08-02 5.3 Medium
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
CVE-2023-37303 1 Mediawiki 1 Mediawiki 2024-08-02 9.8 Critical
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.
CVE-2023-37301 1 Mediawiki 1 Mediawiki 2024-08-02 5.3 Medium
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
CVE-2023-37300 1 Mediawiki 1 Mediawiki 2024-08-02 5.3 Medium
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
CVE-2023-37302 1 Mediawiki 1 Mediawiki 2024-08-02 6.1 Medium
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
CVE-2023-37251 1 Mediawiki 1 Mediawiki 2024-08-02 6.1 Medium
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVE-2023-37254 1 Mediawiki 1 Mediawiki 2024-08-02 6.1 Medium
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.