CVE-2023-37305
- EPSS 0.21%
- Published 30.06.2023 17:15:09
- Last modified 26.11.2024 17:15:19
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
CVE-2023-37254
- EPSS 0.12%
- Published 29.06.2023 16:15:10
- Last modified 21.11.2024 08:11:18
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.
CVE-2023-37255
- EPSS 0.09%
- Published 29.06.2023 16:15:10
- Last modified 21.11.2024 08:11:19
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
CVE-2023-37256
- EPSS 0.09%
- Published 29.06.2023 16:15:10
- Last modified 26.11.2024 20:15:22
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.
CVE-2023-37251
- EPSS 0.49%
- Published 29.06.2023 16:15:09
- Last modified 21.11.2024 08:11:18
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVE-2023-36675
- EPSS 0.53%
- Published 26.06.2023 01:15:09
- Last modified 21.11.2024 08:10:19
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
CVE-2022-41766
- EPSS 0.06%
- Published 29.05.2023 21:15:09
- Last modified 21.11.2024 07:23:48
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
CVE-2021-30153
- EPSS 0.2%
- Published 15.04.2023 20:16:00
- Last modified 06.02.2025 17:15:12
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose...
CVE-2023-29137
- EPSS 0.1%
- Published 31.03.2023 19:15:07
- Last modified 14.02.2025 20:15:33
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
CVE-2023-29139
- EPSS 0.05%
- Published 31.03.2023 19:15:07
- Last modified 14.02.2025 20:15:33
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream r...