Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-61638

  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 00:16:09
  • Zuletzt bearbeitet 16.03.2026 18:34:13

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.P...

4.8

CVE-2025-61639

  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 00:16:09
  • Zuletzt bearbeitet 16.03.2026 18:33:06

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, inclu...

4.8

CVE-2025-61640

  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 00:16:09
  • Zuletzt bearbeitet 16.03.2026 18:32:27

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js...

3.1

CVE-2025-61634

  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 00:16:08
  • Zuletzt bearbeitet 17.03.2026 15:22:47

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

6.1

CVE-2023-45361

  • EPSS 0.19%
  • Veröffentlicht 09.10.2024 06:15:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages...

5.3

CVE-2024-47913

Exploit
  • EPSS 0.69%
  • Veröffentlicht 04.10.2024 22:15:02
  • Zuletzt bearbeitet 17.06.2025 15:54:48

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to v...

4.3

CVE-2024-40596

  • EPSS 0.15%
  • Veröffentlicht 07.07.2024 00:15:10
  • Zuletzt bearbeitet 18.03.2025 16:15:22

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

7.5

CVE-2024-40597

  • EPSS 0.38%
  • Veröffentlicht 07.07.2024 00:15:10
  • Zuletzt bearbeitet 17.06.2025 20:16:47

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)

4.3

CVE-2024-40598

  • EPSS 0.15%
  • Veröffentlicht 07.07.2024 00:15:10
  • Zuletzt bearbeitet 25.03.2025 17:15:59

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)

4.8

CVE-2024-40599

Exploit
  • EPSS 0.13%
  • Veröffentlicht 07.07.2024 00:15:10
  • Zuletzt bearbeitet 20.03.2025 21:15:20

An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.