CVE-2023-37256
- EPSS 0.11%
- Published 29.06.2023 16:15:10
- Last modified 26.11.2024 20:15:22
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.
CVE-2023-37251
- EPSS 0.61%
- Published 29.06.2023 16:15:09
- Last modified 21.11.2024 08:11:18
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVE-2023-36675
- EPSS 0.53%
- Published 26.06.2023 01:15:09
- Last modified 21.11.2024 08:10:19
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
CVE-2022-41766
- EPSS 0.07%
- Published 29.05.2023 21:15:09
- Last modified 21.11.2024 07:23:48
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
CVE-2021-30153
- EPSS 0.43%
- Published 15.04.2023 20:16:00
- Last modified 06.02.2025 17:15:12
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose...
CVE-2023-29137
- EPSS 0.15%
- Published 31.03.2023 19:15:07
- Last modified 14.02.2025 20:15:33
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
CVE-2023-29139
- EPSS 0.16%
- Published 31.03.2023 19:15:07
- Last modified 14.02.2025 20:15:33
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream r...
CVE-2023-29140
- EPSS 0.14%
- Published 31.03.2023 19:15:07
- Last modified 18.02.2025 16:15:15
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
CVE-2023-29141
- EPSS 0.29%
- Published 31.03.2023 19:15:07
- Last modified 18.02.2025 16:15:16
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
CVE-2022-39193
- EPSS 0.17%
- Published 20.01.2023 19:15:15
- Last modified 03.04.2025 16:15:23
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is suppose...