Mediawiki

371 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 1.36%
  • Published 30.06.2023 17:15:09
  • Last modified 21.11.2024 08:11:26

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which ca...

Exploit
  • EPSS 0.19%
  • Published 30.06.2023 17:15:09
  • Last modified 27.11.2024 19:15:32

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

Exploit
  • EPSS 0.35%
  • Published 30.06.2023 17:15:09
  • Last modified 21.11.2024 08:11:26

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.

Exploit
  • EPSS 0.16%
  • Published 30.06.2023 17:15:09
  • Last modified 26.11.2024 17:15:19

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

Exploit
  • EPSS 0.09%
  • Published 29.06.2023 16:15:10
  • Last modified 21.11.2024 08:11:18

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

Exploit
  • EPSS 0.09%
  • Published 29.06.2023 16:15:10
  • Last modified 21.11.2024 08:11:19

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.

Exploit
  • EPSS 0.09%
  • Published 29.06.2023 16:15:10
  • Last modified 26.11.2024 20:15:22

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.

  • EPSS 0.49%
  • Published 29.06.2023 16:15:09
  • Last modified 21.11.2024 08:11:18

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.

Exploit
  • EPSS 0.69%
  • Published 26.06.2023 01:15:09
  • Last modified 21.11.2024 08:10:19

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

Exploit
  • EPSS 0.05%
  • Published 29.05.2023 21:15:09
  • Last modified 21.11.2024 07:23:48

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).