Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-23171

Exploit
  • EPSS 0.42%
  • Published 12.01.2024 05:15:10
  • Last modified 21.11.2024 08:57:07

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n...

5.4

CVE-2024-23172

Exploit
  • EPSS 0.47%
  • Published 12.01.2024 05:15:10
  • Last modified 04.06.2025 16:15:29

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

6.1

CVE-2024-23173

Exploit
  • EPSS 0.39%
  • Published 12.01.2024 05:15:10
  • Last modified 03.06.2025 14:15:46

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter valu...

5.4

CVE-2024-23174

Exploit
  • EPSS 0.4%
  • Published 12.01.2024 05:15:10
  • Last modified 21.11.2024 08:57:07

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-f...

6.1

CVE-2023-51704

Exploit
  • EPSS 0.25%
  • Published 22.12.2023 02:15:42
  • Last modified 21.11.2024 08:38:38

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

5.4

CVE-2023-45360

Exploit
  • EPSS 0.34%
  • Published 03.11.2023 05:15:30
  • Last modified 21.11.2024 08:26:48

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromu...

4.3

CVE-2023-45362

Exploit
  • EPSS 0.25%
  • Published 03.11.2023 05:15:30
  • Last modified 21.11.2024 08:26:49

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. ...

5.3

CVE-2023-45370

  • EPSS 0.09%
  • Published 09.10.2023 06:15:10
  • Last modified 21.11.2024 08:26:50

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportstea...

7.5

CVE-2023-45371

  • EPSS 0.18%
  • Published 09.10.2023 06:15:10
  • Last modified 21.11.2024 08:26:50

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

5.3

CVE-2023-45372

  • EPSS 0.13%
  • Published 09.10.2023 06:15:10
  • Last modified 21.11.2024 08:26:50

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).