Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-45373

  • EPSS 0.31%
  • Veröffentlicht 09.10.2023 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

5.3

CVE-2023-45374

  • EPSS 0.08%
  • Veröffentlicht 09.10.2023 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteT...

4.3

CVE-2023-45369

  • EPSS 0.11%
  • Veröffentlicht 09.10.2023 06:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:49

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

7.5

CVE-2023-45363

Exploit
  • EPSS 8.72%
  • Veröffentlicht 09.10.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:49

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages re...

5.3

CVE-2023-45364

  • EPSS 0.09%
  • Veröffentlicht 09.10.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:49

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID bel...

6.5

CVE-2023-45367

Exploit
  • EPSS 0.14%
  • Veröffentlicht 09.10.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:49

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of...

7.3

CVE-2023-3550

Exploit
  • EPSS 0.09%
  • Veröffentlicht 25.09.2023 16:15:14
  • Zuletzt bearbeitet 13.02.2025 17:16:57

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a m...

5.3

CVE-2023-36674

  • EPSS 0.04%
  • Veröffentlicht 20.08.2023 18:15:09
  • Zuletzt bearbeitet 21.11.2024 08:10:19

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the ...

5.3

CVE-2023-37300

Exploit
  • EPSS 0.15%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 27.11.2024 19:15:31

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

5.3

CVE-2023-37301

Exploit
  • EPSS 0.05%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 27.11.2024 19:15:31

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.