Vulmon
mediawiki mediawiki vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-29137
An issue exists in the GrowthExperiments extension for MediaWiki up to and including 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2023-29139
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2023-29140
An issue exists in the GrowthExperiments extension for MediaWiki up to and including 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2023-29141
An issue exists in MediaWiki prior to 1.35.10, 1.36.x up to and including 1.38.x prior to 1.38.6, and 1.39.x prior to 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
Mediawiki Mediawiki
Fedoraproject Fedora 37
9.6
CVSSv3
CVE-2015-10073
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scr...
Tinymighty Wikiseo 1.2.1
6.1
CVSSv3
CVE-2017-20175
A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to...
Mediawiki Matomo
9.8
CVSSv3
CVE-2023-24612
The PdfBook extension up to and including 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.
Pdfbook Project Pdfbook
5.3
CVSSv3
CVE-2022-39193
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by u...
Mediawiki Mediawiki 1.39.0
Mediawiki Mediawiki 1.39.1
5.4
CVSSv3
CVE-2023-22910
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentional...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
5.3
CVSSv3
CVE-2023-22912
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0