CVE-2021-44855
- EPSS 0.46%
- Published 26.12.2022 05:15:10
- Last modified 14.04.2025 16:15:18
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
CVE-2021-42045
- EPSS 0.21%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:07
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.
CVE-2021-42046
- EPSS 0.3%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:07
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
CVE-2021-42047
- EPSS 0.21%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:08
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboar...
CVE-2021-42048
- EPSS 0.22%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:08
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
CVE-2021-42049
- EPSS 0.33%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:08
An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions.
CVE-2022-28201
- EPSS 0.07%
- Published 19.09.2022 21:15:09
- Last modified 21.11.2024 06:56:56
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
CVE-2022-28203
- EPSS 0.42%
- Published 19.09.2022 21:15:09
- Last modified 21.11.2024 06:56:56
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
CVE-2022-28204
- EPSS 0.38%
- Published 19.09.2022 21:15:09
- Last modified 29.05.2025 16:15:27
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
CVE-2022-39194
- EPSS 0.33%
- Published 02.09.2022 05:15:07
- Last modified 21.11.2024 07:17:45
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were pe...