Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.40.0 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-36674
An issue exists in MediaWiki prior to 1.35.11, 1.36.x up to and including 1.38.x prior to 1.38.7, 1.39.x prior to 1.39.4, and 1.40.x prior to 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.40.0
5.4
CVSSv3
CVE-2023-45360
An issue exists in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
4.3
CVSSv3
CVE-2023-45362
An issue exists in DifferenceEngine.php in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2023-45367
An issue exists in the CheckUser extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragen...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
4.3
CVSSv3
CVE-2023-45369
An issue exists in the PageTriage extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. Usernames of hidden users are exposed.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-45370
An issue exists in the SportsTeams extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2023-45371
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is no rate limit for merging items.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-45372
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2023-45373
An issue exists in the ProofreadPage extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. XSS can occur via formatNumNoSeparators.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-45374
An issue exists in the SportsTeams extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »