mediawiki mediawiki vulnerabilities and exploits
NA
CVE-2024-34506
An issue exists in includes/specials/SpecialMovePage.php in MediaWiki prior to 1.39.7, 1.40.x prior to 1.40.3, and 1.41.x prior to 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will...
NA
CVE-2024-34502
An issue exists in WikibaseLexeme in MediaWiki prior to 1.39.6, 1.40.x prior to 1.40.2, and 1.41.x prior to 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does no...
NA
CVE-2024-34500
An issue exists in the UnlinkedWikibase extension in MediaWiki prior to 1.39.6, 1.40.x prior to 1.40.2, and 1.41.x prior to 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getErr...
NA
CVE-2024-34507
An issue exists in includes/CommentFormatter/CommentParser.php in MediaWiki prior to 1.39.7, 1.40.x prior to 1.40.3, and 1.41.x prior to 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.
NA
CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the w...
NA
CVE-2024-29898
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users wit...
NA
CVE-2023-29134
An issue exists in the Cargo extension for MediaWiki up to and including 1.39.3. There is mishandling of backticks to smartSplit.
NA
CVE-2024-29883
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. ...
NA
CVE-2024-25109
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting t...
6.1
CVSSv3
CVE-2024-23177
An issue exists in the WatchAnalytics extension in MediaWiki prior to 1.40.2. XSS can occur via the Special:PageStatistics page parameter.