Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.40.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45360
An issue exists in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45362
An issue exists in DifferenceEngine.php in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45370
An issue exists in the SportsTeams extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45373
An issue exists in the ProofreadPage extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. XSS can occur via formatNumNoSeparators.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45371
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is no rate limit for merging items.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45369
An issue exists in the PageTriage extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. Usernames of hidden users are exposed.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45372
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45374
An issue exists in the SportsTeams extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45363
An issue exists in ApiPageSet.php in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. It allows malicious users to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to ot...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-45367
An issue exists in the CheckUser extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragen...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »