VYPR

Createwiki

by Miraheze

Source repositories

CVEs (6)

  • CVE-2024-29883MedMar 26, 2024
    risk 0.32cvss 4.9epss 0.01

    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may…

  • CVE-2024-34701MedMay 14, 2024
    risk 0.31cvss 5.9epss 0.01

    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki…

  • CVE-2024-29897MedMar 28, 2024
    risk 0.25cvss 4.9epss 0.01

    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where…

  • CVE-2024-47781MedOct 7, 2024
    risk 0.00cvss 6.1epss 0.00

    CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes…

  • CVE-2024-29898MedMar 28, 2024
    risk 0.00cvss 4.9epss 0.01

    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the…

  • CVE-2022-24813MedApr 4, 2022
    risk 0.00cvss 5.3epss 0.01

    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki's…