VYPR

GlobalBlocking

by MediaWiki

CVEs (3)

  • CVE-2012-4380HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

  • CVE-2024-23179Jan 12, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

  • CVE-2020-10534Mar 12, 2020
    risk 0.00cvss epss 0.01

    In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is…