mediawiki mediawiki vulnerabilities and exploits
7.5
CVSSv3
CVE-2021-29483
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c...
7.5
CVSSv3
CVE-2021-31555
An issue exists in the OAuth extension for MediaWiki up to and including 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.
7.5
CVSSv3
CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Pygments Pygments
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
Redhat Openstack Platform 10.0
Redhat Software Collections -
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv3
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a ...
Pygments Pygments
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-29005
The API in the Push extension for MediaWiki up to and including 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2020-35623
An issue exists in the CasAuth extension for MediaWiki up to and including 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to log in as a "bureauc...
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2020-35475
In MediaWiki prior to 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in ...
Mediawiki Mediawiki
Debian Debian Linux 10.0
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-26121
An issue exists in the FileImporter extension for MediaWiki prior to 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction be...
Mediawiki Mediawiki
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-25869
An information leak exists in MediaWiki prior to 1.31.10 and 1.32.x up to and including 1.34.x prior to 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
Mediawiki Mediawiki
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-25827
An issue exists in the OATHAuth extension in MediaWiki prior to 1.31.10 and 1.32.x up to and including 1.34.x prior to 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple re...
Mediawiki Mediawiki
Fedoraproject Fedora 33