Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-23177
An issue exists in the WatchAnalytics extension in MediaWiki prior to 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
Mediawiki Mediawiki
NA
CVE-2024-23178
An issue exists in the Phonos extension in MediaWiki prior to 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
Mediawiki Mediawiki
NA
CVE-2024-23179
An issue exists in the GlobalBlocking extension in MediaWiki prior to 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.
Mediawiki Mediawiki
NA
CVE-2024-23171
An issue exists in the CampaignEvents extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).
Mediawiki Mediawiki
NA
CVE-2024-23172
An issue exists in the CheckUser extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.
Mediawiki Mediawiki
NA
CVE-2024-23173
An issue exists in the Cargo extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/Carg...
Mediawiki Mediawiki
NA
CVE-2024-23174
An issue exists in the PageTriage extension in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-for...
Mediawiki Mediawiki
NA
CVE-2023-51704
An issue exists in MediaWiki prior to 1.35.14, 1.36.x up to and including 1.39.x prior to 1.39.6, and 1.40.x prior to 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
Mediawiki Mediawiki
NA
CVE-2022-48614
Special:Ask in Semantic MediaWiki prior to 4.0.2 allows Reflected XSS.
Semantic-mediawiki Semantic Mediawiki
NA
CVE-2023-45360
An issue exists in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »