Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2023-3550

Exploit
  • EPSS 0.19%
  • Veröffentlicht 25.09.2023 16:15:14
  • Zuletzt bearbeitet 13.02.2025 17:16:57

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a m...

5.3

CVE-2023-36674

  • EPSS 0.04%
  • Veröffentlicht 20.08.2023 18:15:09
  • Zuletzt bearbeitet 21.11.2024 08:10:19

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the ...

5.3

CVE-2023-37300

Exploit
  • EPSS 0.26%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 27.11.2024 19:15:31

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

5.3

CVE-2023-37301

Exploit
  • EPSS 0.11%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 27.11.2024 19:15:31

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

6.1

CVE-2023-37302

Exploit
  • EPSS 1.72%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:26

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which ca...

9.8

CVE-2023-37303

Exploit
  • EPSS 0.24%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 27.11.2024 19:15:32

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

5.4

CVE-2023-37304

Exploit
  • EPSS 0.57%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:26

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.

5.3

CVE-2023-37305

Exploit
  • EPSS 0.27%
  • Veröffentlicht 30.06.2023 17:15:09
  • Zuletzt bearbeitet 26.11.2024 17:15:19

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

6.1

CVE-2023-37254

Exploit
  • EPSS 0.15%
  • Veröffentlicht 29.06.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:18

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

6.1

CVE-2023-37255

Exploit
  • EPSS 0.11%
  • Veröffentlicht 29.06.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:19

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.