CVE-2021-30153
- EPSS 0.15%
- Published 15.04.2023 20:16:00
- Last modified 06.02.2025 17:15:12
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose...
CVE-2023-29137
- EPSS 0.08%
- Published 31.03.2023 19:15:07
- Last modified 14.02.2025 20:15:33
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
CVE-2023-29139
- EPSS 0.04%
- Published 31.03.2023 19:15:07
- Last modified 14.02.2025 20:15:33
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream r...
CVE-2023-29140
- EPSS 0.07%
- Published 31.03.2023 19:15:07
- Last modified 18.02.2025 16:15:15
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
CVE-2023-29141
- EPSS 0.18%
- Published 31.03.2023 19:15:07
- Last modified 18.02.2025 16:15:16
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
CVE-2022-39193
- EPSS 0.1%
- Published 20.01.2023 19:15:15
- Last modified 03.04.2025 16:15:23
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is suppose...
CVE-2023-22910
- EPSS 0.46%
- Published 20.01.2023 18:15:10
- Last modified 03.04.2025 16:15:31
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users wh...
CVE-2023-22912
- EPSS 0.22%
- Published 20.01.2023 18:15:10
- Last modified 03.04.2025 16:15:32
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
CVE-2022-47927
- EPSS 0.03%
- Published 12.01.2023 06:15:08
- Last modified 08.04.2025 16:15:24
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., w...
CVE-2023-22945
- EPSS 0.09%
- Published 11.01.2023 01:15:10
- Last modified 07.04.2025 19:15:51
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.