VYPR

MediaWiki

by Wikimedia Foundation

CVEs (100)

  • CVE-2024-47846 · Oct 5, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

  • CVE-2024-47849 · Oct 5, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

  • CVE-2023-45372 · Oct 9, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

  • CVE-2021-44854 · Dec 26, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

  • CVE-2022-41767 · Dec 26, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions…

  • CVE-2022-28203 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.01

    A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

  • CVE-2022-34912 · Jul 2, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.

  • CVE-2022-28206 · Mar 30, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

  • CVE-2017-0371 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the…

  • CVE-2021-46149 · Jan 7, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.

  • CVE-2021-42040 · Oct 6, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.

  • CVE-2021-42042 · Oct 6, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and…

  • CVE-2021-36127 · Jul 2, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are…

  • CVE-2020-35480 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about…

  • CVE-2013-4572 · Feb 6, 2020
    risk 0.00 · cvss · epss 0.02

    The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

  • CVE-2013-6451 · Jan 28, 2020
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

  • CVE-2013-6455 · Jan 28, 2020
    risk 0.00 · cvss · epss 0.01

    The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

  • CVE-2013-4303 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.02

    includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to…

  • CVE-2015-8001 · Nov 9, 2015
    risk 0.00 · cvss · epss 0.02

    The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file…

  • CVE-2015-6730 · Sep 1, 2015
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to…
