VYPR

Bitnami package

mediawiki

pkg:bitnami/mediawiki

Vulnerabilities (172)

  • CVE-2025-3469 | Non | Apr 10, 2025
    affected < 1.43.1 | fixed 1.43.1

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.php. This issue affects MediaWiki: befor

  • CVE-2025-32699 | Low | Apr 10, 2025
    affected < 1.41.1 | fixed 1.41.1

    Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.

  • CVE-2025-32698 | Low | Apr 10, 2025
    affected < 1.41.1 | fixed 1.41.1

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

  • CVE-2025-32697 | Non | Apr 10, 2025
    affected < 1.43.1 | fixed 1.43.1

    Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.php, includes/Permissions/PermissionManager.php, includes/Permissions/RestrictionStore.php. This issue

  • CVE-2025-32696 | Non | Apr 10, 2025
    affected < 1.43.1 | fixed 1.43.1

    Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.php, includes/api/ApiFileRevert.php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

  • CVE-2024-40605 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

  • CVE-2024-40604 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.

  • CVE-2024-40603 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.

  • CVE-2024-40602 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

  • CVE-2024-40601 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

  • CVE-2024-40600 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

  • CVE-2024-40599 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

  • CVE-2024-40598 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)

  • CVE-2024-40597 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)

  • CVE-2024-40596 | Jul 6, 2024
    affected < 1.44.0 | fixed 1.44.0

    An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

  • CVE-2024-34507 | May 5, 2024
    affected < 1.41.1 | fixed 1.41.1

    An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

  • CVE-2024-34506 | May 5, 2024
    affected < 1.41.1 | fixed 1.41.1

    An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page wi

  • CVE-2024-34502 | May 5, 2024
    affected < 1.41.1 | fixed 1.41.1

    An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does

  • CVE-2024-34500 | May 5, 2024
    affected < 1.41.1 | fixed 1.41.1

    An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getE

  • CVE-2024-23179 | Jan 12, 2024
    affected < 1.41.1 | fixed 1.41.1

    An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

Page 1 of 9