Vulmon
mediawiki mediawiki vulnerabilities and exploits
NA
CVE-2023-22912
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
NA
CVE-2015-10058
A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The patch is na...
Mediawiki Wikisource Category Browser
NA
CVE-2022-47927
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to loc...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
Fedoraproject Fedora 37
NA
CVE-2023-22945
In the GrowthExperiments extension for MediaWiki up to and including 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
Mediawiki Mediawiki
Fedoraproject Fedora 37
NA
CVE-2023-22909
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. SpecialMobileHistory allows remote malicious users to cause a denial of service because database queries are slow.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
Fedoraproject Fedora 37
NA
CVE-2023-22911
An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.39.0
Fedoraproject Fedora 37
NA
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated...
Wikimedia Mediawiki-extensions-i18ntags
NA
CVE-2021-44856
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.37.0
NA
CVE-2022-41767
An issue exists in MediaWiki prior to 1.35.8, 1.36.x and 1.37.x prior to 1.37.5, and 1.38.x prior to 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when...
Mediawiki Mediawiki
NA
CVE-2022-41765
An issue exists in MediaWiki prior to 1.35.8, 1.36.x and 1.37.x prior to 1.37.5, and 1.38.x prior to 1.38.3. HTMLUserTextField exposes the existence of hidden users.
Mediawiki Mediawiki