CVE-2021-31545
- EPSS 0.2%
- Published 22.04.2021 03:15:07
- Last modified 21.11.2024 06:05:52
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.
CVE-2021-31546
- EPSS 0.11%
- Published 22.04.2021 03:15:07
- Last modified 21.11.2024 06:05:53
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.
CVE-2021-30155
- EPSS 0.45%
- Published 09.04.2021 07:15:16
- Last modified 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.
CVE-2021-30156
- EPSS 0.19%
- Published 09.04.2021 07:15:16
- Last modified 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.
CVE-2021-30159
- EPSS 0.87%
- Published 09.04.2021 07:15:16
- Last modified 21.11.2024 06:03:25
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's on...
CVE-2021-30152
- EPSS 0.53%
- Published 09.04.2021 07:15:15
- Last modified 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
CVE-2021-30154
- EPSS 1.12%
- Published 06.04.2021 07:15:12
- Last modified 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.
CVE-2021-30157
- EPSS 1.01%
- Published 06.04.2021 07:15:12
- Last modified 21.11.2024 06:03:25
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped,...
CVE-2021-30158
- EPSS 0.61%
- Published 06.04.2021 07:15:12
- Last modified 21.11.2024 06:03:25
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know...
CVE-2020-29004
- EPSS 0.16%
- Published 29.01.2021 07:15:16
- Last modified 21.11.2024 05:23:28
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.