Vulmon
mediawiki mediawiki vulnerabilities and exploits
NA
CVE-2023-29137
An issue exists in the GrowthExperiments extension for MediaWiki up to and including 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
Mediawiki Mediawiki
NA
CVE-2023-29139
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).
Mediawiki Mediawiki
NA
CVE-2023-29140
An issue exists in the GrowthExperiments extension for MediaWiki up to and including 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
Mediawiki Mediawiki
NA
CVE-2023-29141
An issue exists in MediaWiki prior to 1.35.10, 1.36.x up to and including 1.38.x prior to 1.38.6, and 1.39.x prior to 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
Mediawiki Mediawiki
Fedoraproject Fedora 37
NA
CVE-2015-10073
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scr...
Tinymighty Wikiseo 1.2.1
NA
CVE-2017-20175
A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to...
Mediawiki Matomo
NA
CVE-2023-24612
The PdfBook extension up to and including 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.
Pdfbook Project Pdfbook
NA
CVE-2022-39193
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by u...
Mediawiki Mediawiki 1.39.0
Mediawiki Mediawiki 1.39.1
NA
CVE-2023-22910
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentional...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
NA
CVE-2023-22912
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0