Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-45373

  • EPSS 0.31%
  • Published 09.10.2023 06:15:10
  • Last modified 21.11.2024 08:26:50

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

5.3

CVE-2023-45374

  • EPSS 0.08%
  • Published 09.10.2023 06:15:10
  • Last modified 21.11.2024 08:26:50

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteT...

4.3

CVE-2023-45369

  • EPSS 0.11%
  • Published 09.10.2023 06:15:09
  • Last modified 21.11.2024 08:26:49

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

7.5

CVE-2023-45363

Exploit
  • EPSS 8.72%
  • Published 09.10.2023 05:15:09
  • Last modified 21.11.2024 08:26:49

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages re...

5.3

CVE-2023-45364

  • EPSS 0.09%
  • Published 09.10.2023 05:15:09
  • Last modified 21.11.2024 08:26:49

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID bel...

6.5

CVE-2023-45367

Exploit
  • EPSS 0.14%
  • Published 09.10.2023 05:15:09
  • Last modified 21.11.2024 08:26:49

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of...

7.3

CVE-2023-3550

Exploit
  • EPSS 0.09%
  • Published 25.09.2023 16:15:14
  • Last modified 13.02.2025 17:16:57

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a m...

5.3

CVE-2023-36674

  • EPSS 0.04%
  • Published 20.08.2023 18:15:09
  • Last modified 21.11.2024 08:10:19

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the ...

5.3

CVE-2023-37300

Exploit
  • EPSS 0.15%
  • Published 30.06.2023 17:15:09
  • Last modified 27.11.2024 19:15:31

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

5.3

CVE-2023-37301

Exploit
  • EPSS 0.05%
  • Published 30.06.2023 17:15:09
  • Last modified 27.11.2024 19:15:31

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.