Vulmon
mediawiki mediawiki vulnerabilities and exploits
5.3
CVSSv3
CVE-2021-44854
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. The REST API publicly caches results from private wikis.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.37.0
5.4
CVSSv3
CVE-2021-44855
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.37.0
6.1
CVSSv3
CVE-2022-4561
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site ...
Mediawiki Semantic Drilldown
4.3
CVSSv3
CVE-2022-23473
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions before 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edi...
Enalean Tuleap
4.8
CVSSv3
CVE-2022-42985
The ScratchLogin extension up to and including 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
Scratch-wiki Scratch Login
5.4
CVSSv3
CVE-2021-42045
An issue exists in SecurePoll in the Growth extension in MediaWiki up to and including 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2021-42046
An issue exists in the GlobalWatchlist extension in MediaWiki up to and including 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
Mediawiki Mediawiki
5.4
CVSSv3
CVE-2021-42047
An issue exists in the Growth extension in MediaWiki up to and including 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fa...
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2021-42049
An issue exists in the Translate extension in MediaWiki up to and including 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions.
Mediawiki Mediawiki
4.8
CVSSv3
CVE-2021-42048
An issue exists in the Growth extension in MediaWiki up to and including 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
Mediawiki Mediawiki