Mediawiki - Mediawiki CVE

Filtered by vendor Mediawiki Subscriptions

Filtered by product Mediawiki Subscriptions

Total 366 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-29904	1 Mediawiki	1 Mediawiki	2024-08-03	9.8 Critical
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
CVE-2022-29905	1 Mediawiki	1 Mediawiki	2024-08-03	4.3 Medium
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.
CVE-2022-28323	1 Mediawiki	1 Mediawiki	2024-08-03	7.5 High
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
CVE-2022-28203	2 Debian, Mediawiki	2 Debian Linux, Mediawiki	2024-08-03	7.5 High
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
CVE-2022-28205	1 Mediawiki	1 Mediawiki	2024-08-03	9.8 Critical
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
CVE-2022-28206	1 Mediawiki	1 Mediawiki	2024-08-03	9.8 Critical
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
CVE-2022-28201	2 Debian, Mediawiki	2 Debian Linux, Mediawiki	2024-08-03	4.4 Medium
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
CVE-2022-28204	1 Mediawiki	1 Mediawiki	2024-08-03	7.5 High
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
CVE-2022-28202	3 Debian, Fedoraproject, Mediawiki	3 Debian Linux, Fedora, Mediawiki	2024-08-03	6.1 Medium
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVE-2022-28209	1 Mediawiki	1 Mediawiki	2024-08-03	9.8 Critical
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
CVE-2023-45362	1 Mediawiki	1 Mediawiki	2024-08-02	4.3 Medium
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
CVE-2023-45360	1 Mediawiki	1 Mediawiki	2024-08-02	5.4 Medium
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
CVE-2023-37304	1 Mediawiki	1 Mediawiki	2024-08-02	5.4 Medium
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.
CVE-2023-37305	1 Mediawiki	1 Mediawiki	2024-08-02	5.3 Medium
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
CVE-2023-37303	1 Mediawiki	1 Mediawiki	2024-08-02	9.8 Critical
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.
CVE-2023-37301	1 Mediawiki	1 Mediawiki	2024-08-02	5.3 Medium
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
CVE-2023-37300	1 Mediawiki	1 Mediawiki	2024-08-02	5.3 Medium
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
CVE-2023-37302	1 Mediawiki	1 Mediawiki	2024-08-02	6.1 Medium
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
CVE-2023-37251	1 Mediawiki	1 Mediawiki	2024-08-02	6.1 Medium
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVE-2023-37254	1 Mediawiki	1 Mediawiki	2024-08-02	6.1 Medium
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

« first previous Page 17 of 19. next last »