Vulmon
mediawiki mediawiki 1.39.0 vulnerabilities and exploits
CVSSv3: 5.3
CVE-2022-39193
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by u...
Mediawiki Mediawiki 1.39.0
Mediawiki Mediawiki 1.39.1
CVSSv3: 5.4
CVE-2023-22910
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentional...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
CVSSv3: 5.3
CVE-2023-22912
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
CVSSv3: 5.5
CVE-2022-47927
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to loc...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
Fedoraproject Fedora 37
CVSSv3: 5.3
CVE-2023-22909
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. SpecialMobileHistory allows remote malicious users to cause a denial of service because database queries are slow.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
Fedoraproject Fedora 37
CVSSv3: 6.1
CVE-2023-22911
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
Fedoraproject Fedora 37