Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-31545

  • EPSS 0.2%
  • Published 22.04.2021 03:15:07
  • Last modified 21.11.2024 06:05:52

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.

4.3

CVE-2021-31546

  • EPSS 0.11%
  • Published 22.04.2021 03:15:07
  • Last modified 21.11.2024 06:05:53

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

4.3

CVE-2021-30155

Exploit
  • EPSS 0.45%
  • Published 09.04.2021 07:15:16
  • Last modified 21.11.2024 06:03:24

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

4.3

CVE-2021-30156

Exploit
  • EPSS 0.19%
  • Published 09.04.2021 07:15:16
  • Last modified 21.11.2024 06:03:24

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.

4.3

CVE-2021-30159

Exploit
  • EPSS 0.87%
  • Published 09.04.2021 07:15:16
  • Last modified 21.11.2024 06:03:25

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's on...

4.3

CVE-2021-30152

Exploit
  • EPSS 0.53%
  • Published 09.04.2021 07:15:15
  • Last modified 21.11.2024 06:03:24

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

6.1

CVE-2021-30154

Exploit
  • EPSS 1.12%
  • Published 06.04.2021 07:15:12
  • Last modified 21.11.2024 06:03:24

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.

6.1

CVE-2021-30157

Exploit
  • EPSS 1.01%
  • Published 06.04.2021 07:15:12
  • Last modified 21.11.2024 06:03:25

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped,...

5.3

CVE-2021-30158

Exploit
  • EPSS 0.61%
  • Published 06.04.2021 07:15:12
  • Last modified 21.11.2024 06:03:25

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know...

8.8

CVE-2020-29004

  • EPSS 0.16%
  • Published 29.01.2021 07:15:16
  • Last modified 21.11.2024 05:23:28

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.