Mediawiki

395 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.74%
  • Published 20.01.2023 18:15:10
  • Last modified 03.04.2025 16:15:31

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users wh...

Exploit
  • EPSS 0.11%
  • Published 20.01.2023 18:15:10
  • Last modified 03.04.2025 16:15:32

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

Exploit
  • EPSS 0.06%
  • Published 12.01.2023 06:15:08
  • Last modified 08.04.2025 16:15:24

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., w...

  • EPSS 0.12%
  • Published 11.01.2023 01:15:10
  • Last modified 07.04.2025 19:15:51

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

  • EPSS 0.72%
  • Published 10.01.2023 08:15:10
  • Last modified 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

Exploit
  • EPSS 0.57%
  • Published 10.01.2023 08:15:10
  • Last modified 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widg...

  • EPSS 0.26%
  • Published 26.12.2022 06:15:11
  • Last modified 14.04.2025 15:15:21

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.

  • EPSS 0.25%
  • Published 26.12.2022 06:15:11
  • Last modified 14.04.2025 15:15:21

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP addre...

  • EPSS 0.18%
  • Published 26.12.2022 06:15:10
  • Last modified 14.04.2025 16:15:18

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.

  • EPSS 0.19%
  • Published 26.12.2022 05:15:10
  • Last modified 14.04.2025 16:15:18

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.