mediawiki mediawiki vulnerabilities and exploits
5.3
CVSSv3
CVE-2023-45364
An issue exists in includes/page/Article.php in MediaWiki 1.36.x up to and including 1.39.x prior to 1.39.5 and 1.40.x prior to 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given pag...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
Debian Debian Linux 11.0
Debian Debian Linux 12.0
6.5
CVSSv3
CVE-2023-45367
An issue exists in the CheckUser extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragen...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
7.3
CVSSv3
CVE-2023-3550
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance adm...
Mediawiki Mediawiki 1.40.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.3
CVSSv3
CVE-2018-25089
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. U...
Glb Meetup Tag 0.1
5.3
CVSSv3
CVE-2023-36674
An issue exists in MediaWiki prior to 1.35.11, 1.36.x up to and including 1.38.x prior to 1.38.7, 1.39.x prior to 1.39.4, and 1.40.x prior to 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.40.0
7.5
CVSSv3
CVE-2023-35333
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
Microsoft Pandocupload
5.3
CVSSv3
CVE-2023-37300
An issue exists in the CheckUserLog API in the CheckUser extension for MediaWiki up to and including 1.39.3. There is incorrect access control for visibility of hidden users.
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-37301
An issue exists in SubmitEntityAction in Wikibase in MediaWiki up to and including 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2023-37302
An issue exists in SiteLinksView.php in Wikibase in MediaWiki up to and including 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute)...
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2023-37303
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.
Mediawiki Mediawiki