Mediawiki

Mediawiki

378 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-34502

  • EPSS 0.16%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST...

7.5

CVE-2024-34506

Exploit
  • EPSS 0.17%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands...

7.4

CVE-2024-34507

Exploit
  • EPSS 0.44%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1...

8.6

CVE-2023-29134

  • EPSS 0.23%
  • Veröffentlicht 27.03.2024 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:56:36

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.

6.1

CVE-2024-23177

Exploit
  • EPSS 0.39%
  • Veröffentlicht 12.01.2024 06:15:47
  • Zuletzt bearbeitet 03.06.2025 14:15:46

An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.

5.4

CVE-2024-23178

Exploit
  • EPSS 0.35%
  • Veröffentlicht 12.01.2024 06:15:47
  • Zuletzt bearbeitet 03.06.2025 14:15:46

An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

6.1

CVE-2024-23179

Exploit
  • EPSS 0.36%
  • Veröffentlicht 12.01.2024 06:15:47
  • Zuletzt bearbeitet 21.11.2024 08:57:07

An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

5.4

CVE-2024-23171

Exploit
  • EPSS 0.42%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 21.11.2024 08:57:07

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n...

5.4

CVE-2024-23172

Exploit
  • EPSS 0.62%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 04.06.2025 16:15:29

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

6.1

CVE-2024-23173

Exploit
  • EPSS 0.39%
  • Veröffentlicht 12.01.2024 05:15:10
  • Zuletzt bearbeitet 03.06.2025 14:15:46

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter valu...