Vulmon
mediawiki mediawiki vulnerabilities and exploits
NA
CVE-2023-45363
An issue exists in ApiPageSet.php in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. It allows malicious users to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to ot...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-45364
An issue exists in includes/page/Article.php in MediaWiki 1.36.x up to and including 1.39.x prior to 1.39.5 and 1.40.x prior to 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given pag...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-45367
An issue exists in the CheckUser extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragen...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
NA
CVE-2023-3550
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance adm...
Mediawiki Mediawiki 1.40.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2018-25089
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. U...
Glb Meetup Tag 0.1
NA
CVE-2023-36674
An issue exists in MediaWiki prior to 1.35.11, 1.36.x up to and including 1.38.x prior to 1.38.7, 1.39.x prior to 1.39.4, and 1.40.x prior to 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.40.0
NA
CVE-2023-35333
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
Microsoft Pandocupload
NA
CVE-2023-37300
An issue exists in the CheckUserLog API in the CheckUser extension for MediaWiki up to and including 1.39.3. There is incorrect access control for visibility of hidden users.
Mediawiki Mediawiki
NA
CVE-2023-37301
An issue exists in SubmitEntityAction in Wikibase in MediaWiki up to and including 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
Mediawiki Mediawiki
NA
CVE-2023-37302
An issue exists in SiteLinksView.php in Wikibase in MediaWiki up to and including 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute)...
Mediawiki Mediawiki