Vulmon
mediawiki mediawiki vulnerabilities and exploits
5
CVSSv2
CVE-2022-31043
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Author...
Guzzlephp Guzzle
Drupal Drupal
Drupal Drupal 9.4.0
Debian Debian Linux 11.0
5.8
CVSSv2
CVE-2022-29248
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a ...
Guzzlephp Guzzle
Drupal Drupal
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2022-29969
The RSS extension prior to 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).
Mediawiki Rss For Mediawiki
5
CVSSv2
CVE-2022-28323
An issue exists in MediaWiki up to and including 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
Mediawiki Mediawiki
4.3
CVSSv2
CVE-2022-29905
The FanBoxes extension for MediaWiki up to and including 1.37.2 (prior to 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.
Mediawiki Mediawiki
4.3
CVSSv2
CVE-2022-29903
The Private Domains extension for MediaWiki up to and including 1.37.2 (prior to 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-29906
The admin API module in the QuizGame extension for MediaWiki up to and including 1.37.2 (prior to 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-29904
The SemanticDrilldown extension for MediaWiki up to and including 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
Mediawiki Mediawiki
4.3
CVSSv2
CVE-2022-29907
The Nimbus skin for MediaWiki up to and including 1.37.2 (prior to 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
Mediawiki Mediawiki
5
CVSSv2
CVE-2022-29547
The CreateRedirect extension prior to 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page.
Mediawiki Createredirect