Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mediawiki mediawiki 1.39.0 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2022-39193
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by u...
Mediawiki Mediawiki 1.39.0Mediawiki Mediawiki 1.39.1
NA
CVE-2023-22910
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentional...
Mediawiki MediawikiMediawiki Mediawiki 1.39.0
NA
CVE-2023-22912
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
Mediawiki MediawikiMediawiki Mediawiki 1.39.0
NA
CVE-2022-47927
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to loc...
Mediawiki MediawikiMediawiki Mediawiki 1.39.0Fedoraproject Fedora 37
NA
CVE-2023-22909
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. SpecialMobileHistory allows remote malicious users to cause a denial of service because database queries are slow.
Mediawiki MediawikiMediawiki Mediawiki 1.39.0Fedoraproject Fedora 37
NA
CVE-2023-22911
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an...
Mediawiki MediawikiMediawiki Mediawiki 1.39.0Fedoraproject Fedora 37
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook