Filtered by vendor Mediawiki
Subscriptions
Filtered by product Mediawiki
Subscriptions
Total
366 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29904 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. | ||||
CVE-2022-29905 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 4.3 Medium |
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | ||||
CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 7.5 High |
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | ||||
CVE-2022-28203 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-03 | 7.5 High |
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. | ||||
CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | ||||
CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | ||||
CVE-2022-28201 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-03 | 4.4 Medium |
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. | ||||
CVE-2022-28204 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 7.5 High |
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk. | ||||
CVE-2022-28202 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-08-03 | 6.1 Medium |
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | ||||
CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | ||||
CVE-2023-45362 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 4.3 Medium |
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. | ||||
CVE-2023-45360 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.4 Medium |
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. | ||||
CVE-2023-37304 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.4 Medium |
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. | ||||
CVE-2023-37305 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.3 Medium |
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. | ||||
CVE-2023-37303 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 9.8 Critical |
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. | ||||
CVE-2023-37301 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.3 Medium |
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. | ||||
CVE-2023-37300 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.3 Medium |
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | ||||
CVE-2023-37302 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 6.1 Medium |
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). | ||||
CVE-2023-37251 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 6.1 Medium |
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. | ||||
CVE-2023-37254 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 6.1 Medium |
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. |