Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-45360
An issue exists in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
4.3
CVSSv3
CVE-2023-45362
An issue exists in DifferenceEngine.php in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-45359
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure For the oldstable distribution (bullseye), these problems have been fixed in version 1:1.35.13-1...
NA
CVE-2023-45361
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure For the oldstable distribution (bullseye), these problems have been fixed in version 1:1.35.13-1...
4.3
CVSSv3
CVE-2023-45369
An issue exists in the PageTriage extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. Usernames of hidden users are exposed.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-45370
An issue exists in the SportsTeams extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2023-45371
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is no rate limit for merging items.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-45372
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2023-45373
An issue exists in the ProofreadPage extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. XSS can occur via formatNumNoSeparators.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-45374
An issue exists in the SportsTeams extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »