CVE-2023-22909
- EPSS 0.21%
- Published 10.01.2023 08:15:10
- Last modified 07.04.2025 19:15:51
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.
CVE-2023-22911
- EPSS 0.37%
- Published 10.01.2023 08:15:10
- Last modified 07.04.2025 19:15:51
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widg...
CVE-2022-41765
- EPSS 0.15%
- Published 26.12.2022 06:15:11
- Last modified 14.04.2025 15:15:21
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.
CVE-2022-41767
- EPSS 0.15%
- Published 26.12.2022 06:15:11
- Last modified 14.04.2025 15:15:21
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP addre...
CVE-2021-44856
- EPSS 0.14%
- Published 26.12.2022 06:15:10
- Last modified 14.04.2025 16:15:18
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.
CVE-2021-44854
- EPSS 0.11%
- Published 26.12.2022 05:15:10
- Last modified 14.04.2025 16:15:18
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
CVE-2021-44855
- EPSS 0.28%
- Published 26.12.2022 05:15:10
- Last modified 14.04.2025 16:15:18
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
CVE-2021-42045
- EPSS 0.36%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:07
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.
CVE-2021-42046
- EPSS 0.51%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:07
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
CVE-2021-42047
- EPSS 0.36%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:08
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboar...