Vulmon
mediawiki mediawiki vulnerabilities and exploits
6.1
CVSSv3
CVE-2024-23179
An issue exists in the GlobalBlocking extension in MediaWiki prior to 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2024-23177
An issue exists in the WatchAnalytics extension in MediaWiki prior to 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
Mediawiki Mediawiki
5.4
CVSSv3
CVE-2024-23178
An issue exists in the Phonos extension in MediaWiki prior to 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
Mediawiki Mediawiki
5.4
CVSSv3
CVE-2024-23171
An issue exists in the CampaignEvents extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).
Mediawiki Mediawiki
5.4
CVSSv3
CVE-2024-23172
An issue exists in the CheckUser extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2024-23173
An issue exists in the Cargo extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/Carg...
Mediawiki Mediawiki
5.4
CVSSv3
CVE-2024-23174
An issue exists in the PageTriage extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-for...
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2023-51704
An issue exists in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2022-48614
Special:Ask in Semantic MediaWiki prior to 4.0.2 allows Reflected XSS.
Semantic-mediawiki Semantic Mediawiki
5.4
CVSSv3
CVE-2023-45360
An issue exists in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki