VYPR

MediaWiki

by MediaWiki

CVEs (262)

  • CVE-2023-22912 (Jan 20, 2023)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

  • CVE-2022-47927 (Jan 12, 2023)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users.…

  • CVE-2023-22909 (Jan 10, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

  • CVE-2023-22911 (Jan 10, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML…

  • CVE-2021-44854 (Dec 26, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

  • CVE-2022-41767 (Dec 26, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions…

  • CVE-2021-44856 (Dec 26, 2022)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.

  • CVE-2022-41765 (Dec 26, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.

  • CVE-2021-44855 (Dec 26, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.

  • CVE-2022-28204 (Sep 19, 2022)
    risk 0.00 | cvss | epss 0.01

    A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.

  • CVE-2022-28201 (Sep 19, 2022)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

  • CVE-2022-28203 (Sep 19, 2022)
    risk 0.00 | cvss | epss 0.01

    A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

  • CVE-2022-39194 (Sep 2, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.

  • CVE-2022-34912 (Jul 2, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.

  • CVE-2022-34911 (Jul 2, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the…

  • CVE-2022-34750 (Jun 28, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack…

  • CVE-2022-28323 (Apr 30, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,

  • CVE-2022-28205 (Mar 30, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.

  • CVE-2022-28206 (Mar 30, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

  • CVE-2022-28202 (Mar 30, 2022)
    risk 0.00 | cvss | epss 0.01

    An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
