Mediawiki ≫ Mediawiki

378 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

5.4

CVE-2024-23174

Exploit

EPSS 0.4%
Veröffentlicht 12.01.2024 05:15:10
Zuletzt bearbeitet 21.11.2024 08:57:07

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-f...

6.1

CVE-2023-51704

Exploit

EPSS 0.33%
Veröffentlicht 22.12.2023 02:15:42
Zuletzt bearbeitet 04.11.2025 18:15:48

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

5.4

CVE-2023-45360

Exploit

EPSS 0.39%
Veröffentlicht 03.11.2023 05:15:30
Zuletzt bearbeitet 04.11.2025 18:15:41

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromu...

4.3

CVE-2023-45362

Exploit

EPSS 0.39%
Veröffentlicht 03.11.2023 05:15:30
Zuletzt bearbeitet 04.11.2025 18:15:41

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. ...

5.3

CVE-2023-45370

EPSS 0.09%
Veröffentlicht 09.10.2023 06:15:10
Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportstea...

7.5

CVE-2023-45371

EPSS 0.18%
Veröffentlicht 09.10.2023 06:15:10
Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

5.3

CVE-2023-45372

EPSS 0.13%
Veröffentlicht 09.10.2023 06:15:10
Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

6.1

CVE-2023-45373

EPSS 0.31%
Veröffentlicht 09.10.2023 06:15:10
Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

5.3

CVE-2023-45374

EPSS 0.08%
Veröffentlicht 09.10.2023 06:15:10
Zuletzt bearbeitet 21.11.2024 08:26:50

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteT...

4.3

CVE-2023-45369

EPSS 0.11%
Veröffentlicht 09.10.2023 06:15:09
Zuletzt bearbeitet 21.11.2024 08:26:49

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

<1234567...38>

Team-orientierte Vulnerability Management Plattform

Features der Plattform

Mediawiki ≫ Mediawiki

CVE-2024-23174

CVE-2023-51704

CVE-2023-45360

CVE-2023-45362

CVE-2023-45370

CVE-2023-45371

CVE-2023-45372

CVE-2023-45373

CVE-2023-45374

CVE-2023-45369