Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-23171

Exploit
  • EPSS 0.42%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 21.11.2024 08:57:07

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n...

5.4

CVE-2024-23172

Exploit
  • EPSS 0.47%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 04.06.2025 16:15:29

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

6.1

CVE-2024-23173

Exploit
  • EPSS 0.39%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 03.06.2025 14:15:46

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter valu...

5.4

CVE-2024-23174

Exploit
  • EPSS 0.4%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 21.11.2024 08:57:07

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-f...

6.1

CVE-2023-51704

Exploit
  • EPSS 0.25%
  • Veröffentlicht 22.12.2023 02:15:42
  • Zuletzt bearbeitet 21.11.2024 08:38:38

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

5.4

CVE-2023-45360

Exploit
  • EPSS 0.34%
  • Veröffentlicht 03.11.2023 05:15:30
  • Zuletzt bearbeitet 21.11.2024 08:26:48

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromu...

4.3

CVE-2023-45362

Exploit
  • EPSS 0.25%
  • Veröffentlicht 03.11.2023 05:15:30
  • Zuletzt bearbeitet 21.11.2024 08:26:49

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. ...

5.3

CVE-2023-45370

  • EPSS 0.09%
  • Veröffentlicht 09.10.2023 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportstea...

7.5

CVE-2023-45371

  • EPSS 0.18%
  • Veröffentlicht 09.10.2023 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

5.3

CVE-2023-45372

  • EPSS 0.13%
  • Veröffentlicht 09.10.2023 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).