CVE-2021-42048
- EPSS 0.36%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:08
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
CVE-2021-42049
- EPSS 0.33%
- Published 29.09.2022 03:15:14
- Last modified 21.11.2024 06:27:08
An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions.
CVE-2022-28201
- EPSS 0.07%
- Published 19.09.2022 21:15:09
- Last modified 21.11.2024 06:56:56
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
CVE-2022-28203
- EPSS 0.42%
- Published 19.09.2022 21:15:09
- Last modified 21.11.2024 06:56:56
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
CVE-2022-28204
- EPSS 0.38%
- Published 19.09.2022 21:15:09
- Last modified 29.05.2025 16:15:27
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
CVE-2022-39194
- EPSS 0.44%
- Published 02.09.2022 05:15:07
- Last modified 21.11.2024 07:17:45
An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were pe...
CVE-2022-34911
- EPSS 0.38%
- Published 02.07.2022 20:15:08
- Last modified 21.11.2024 07:10:25
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welc...
CVE-2022-34912
- EPSS 0.21%
- Published 02.07.2022 20:15:08
- Last modified 21.11.2024 07:10:25
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities...
CVE-2022-34750
- EPSS 0.45%
- Published 28.06.2022 13:15:12
- Last modified 21.11.2024 07:10:07
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various...
CVE-2022-28323
- EPSS 0.37%
- Published 30.04.2022 16:15:07
- Last modified 21.11.2024 06:57:10
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,