Filtered by vendor Mediawiki
Subscriptions
Total
389 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29904 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. | ||||
CVE-2022-29905 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 4.3 Medium |
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | ||||
CVE-2022-29547 | 1 Mediawiki | 1 Createredirect | 2024-08-03 | 7.5 High |
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page. | ||||
CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 7.5 High |
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | ||||
CVE-2022-28203 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-03 | 7.5 High |
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. | ||||
CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | ||||
CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | ||||
CVE-2022-28201 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-03 | 4.4 Medium |
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. | ||||
CVE-2022-28204 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 7.5 High |
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk. | ||||
CVE-2022-28202 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-08-03 | 6.1 Medium |
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | ||||
CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 9.8 Critical |
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | ||||
CVE-2022-21710 | 1 Mediawiki | 1 Shortdescription | 2024-08-03 | 4.7 Medium |
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4. | ||||
CVE-2022-4561 | 1 Mediawiki | 1 Semantic Drilldown | 2024-08-03 | 3.5 Low |
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964. | ||||
CVE-2023-45362 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 4.3 Medium |
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. | ||||
CVE-2023-45360 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.4 Medium |
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. | ||||
CVE-2023-37304 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.4 Medium |
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. | ||||
CVE-2023-37305 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.3 Medium |
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. | ||||
CVE-2023-37303 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 9.8 Critical |
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. | ||||
CVE-2023-37301 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.3 Medium |
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. | ||||
CVE-2023-37300 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 5.3 Medium |
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. |