Search
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51704 | 1 Mediawiki | 1 Mediawiki | 2023-12-29 | N/A | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. | |||||
| CVE-2023-45362 | 1 Mediawiki | 1 Mediawiki | 2023-11-28 | N/A | 4.3 MEDIUM |
| An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. | |||||
| CVE-2023-45360 | 1 Mediawiki | 1 Mediawiki | 2023-11-09 | N/A | 5.4 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. | |||||
| CVE-2023-36674 | 1 Mediawiki | 1 Mediawiki | 2023-08-25 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. | |||||
| CVE-2022-39193 | 1 Mediawiki | 1 Mediawiki | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights. | |||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | |||||
| CVE-2023-36675 | 1 Mediawiki | 1 Mediawiki | 2023-07-31 | N/A | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. | |||||
| CVE-2022-34911 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | |||||
| CVE-2022-34912 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. | |||||
| CVE-2021-31554 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked. | |||||
| CVE-2021-44857 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. | |||||
| CVE-2021-31548 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed. | |||||
| CVE-2021-31552 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations. | |||||
| CVE-2021-30152 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. | |||||
| CVE-2021-30156 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. | |||||
| CVE-2021-31547 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules. | |||||
| CVE-2022-28202 | 1 Mediawiki | 1 Mediawiki | 2022-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | |||||
| CVE-2021-30159 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2022-05-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. | |||||
| CVE-2022-29905 | 1 Mediawiki | 1 Mediawiki | 2022-05-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | |||||
| CVE-2022-29903 | 1 Mediawiki | 1 Mediawiki | 2022-05-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains. | |||||
| CVE-2022-29907 | 1 Mediawiki | 1 Mediawiki | 2022-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | |||||
| CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | |||||
| CVE-2021-45472 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | |||||
| CVE-2021-45473 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | |||||
| CVE-2021-45474 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | |||||
| CVE-2021-46146 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. | |||||
| CVE-2021-46148 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance. | |||||
| CVE-2021-46150 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. | |||||
| CVE-2020-26120 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. | |||||
| CVE-2020-25828 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) | |||||
| CVE-2020-25814 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked. | |||||
| CVE-2020-25815 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). | |||||
| CVE-2020-25812 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. | |||||
| CVE-2020-25813 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. | |||||
| CVE-2021-45038 | 1 Mediawiki | 1 Mediawiki | 2021-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. | |||||
| CVE-2021-30157 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2021-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | |||||
| CVE-2021-30154 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2021-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | |||||
| CVE-2021-30155 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2021-12-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. | |||||
| CVE-2021-30158 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2021-12-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. | |||||
| CVE-2021-41800 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2021-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. | |||||
| CVE-2021-41798 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2021-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. | |||||
| CVE-2021-42043 | 1 Mediawiki | 1 Mediawiki | 2021-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query. | |||||
| CVE-2021-42042 | 1 Mediawiki | 1 Mediawiki | 2021-10-14 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | |||||
| CVE-2021-42044 | 1 Mediawiki | 1 Mediawiki | 2021-10-14 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | |||||
| CVE-2021-42041 | 1 Mediawiki | 1 Mediawiki | 2021-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log. | |||||
| CVE-2020-35477 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears). | |||||
| CVE-2020-35480 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. | |||||
| CVE-2020-10960 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). | |||||
| CVE-2019-16738 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | |||||
| CVE-2021-36127 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). | |||||