Mediawiki

Mediawiki

378 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-28203

Exploit
  • EPSS 0.42%
  • Veröffentlicht 19.09.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:56:56

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

7.5

CVE-2022-28204

Exploit
  • EPSS 0.38%
  • Veröffentlicht 19.09.2022 21:15:09
  • Zuletzt bearbeitet 29.05.2025 16:15:27

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.

4.9

CVE-2022-39194

Exploit
  • EPSS 0.33%
  • Veröffentlicht 02.09.2022 05:15:07
  • Zuletzt bearbeitet 21.11.2024 07:17:45

An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were pe...

6.1

CVE-2022-34911

  • EPSS 0.44%
  • Veröffentlicht 02.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:10:25

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welc...

6.1

CVE-2022-34912

  • EPSS 0.24%
  • Veröffentlicht 02.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:10:25

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities...

7.5

CVE-2022-34750

  • EPSS 0.45%
  • Veröffentlicht 28.06.2022 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:10:07

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various...

7.5

CVE-2022-28323

  • EPSS 0.37%
  • Veröffentlicht 30.04.2022 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:57:10

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,

4.3

CVE-2022-29903

Exploit
  • EPSS 0.07%
  • Veröffentlicht 29.04.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 06:59:56

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.

9.8

CVE-2022-29904

Exploit
  • EPSS 0.9%
  • Veröffentlicht 29.04.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 06:59:56

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

4.3

CVE-2022-29905

Exploit
  • EPSS 0.09%
  • Veröffentlicht 29.04.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 06:59:56

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.