Mediawiki

378 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.1%
  • Published 31.03.2023 19:15:07
  • Last modified 18.02.2025 16:15:15

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

  • EPSS 0.25%
  • Published 31.03.2023 19:15:07
  • Last modified 18.02.2025 16:15:16

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

Exploit
  • EPSS 0.17%
  • Published 20.01.2023 19:15:15
  • Last modified 03.04.2025 16:15:23

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is suppose...

Exploit
  • EPSS 0.74%
  • Published 20.01.2023 18:15:10
  • Last modified 03.04.2025 16:15:31

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users wh...

Exploit
  • EPSS 0.11%
  • Published 20.01.2023 18:15:10
  • Last modified 03.04.2025 16:15:32

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

Exploit
  • EPSS 0.05%
  • Published 12.01.2023 06:15:08
  • Last modified 08.04.2025 16:15:24

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., w...

  • EPSS 0.25%
  • Published 11.01.2023 01:15:10
  • Last modified 07.04.2025 19:15:51

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

  • EPSS 0.36%
  • Published 10.01.2023 08:15:10
  • Last modified 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

Exploit
  • EPSS 0.59%
  • Published 10.01.2023 08:15:10
  • Last modified 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widg...

  • EPSS 0.25%
  • Published 26.12.2022 06:15:11
  • Last modified 14.04.2025 15:15:21

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.