Vulmon
mediawiki mediawiki vulnerabilities and exploits
4.4
CVSSv3
CVE-2022-28201
An issue exists in MediaWiki prior to 1.35.6, 1.36.x prior to 1.36.4, and 1.37.x prior to 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
Mediawiki Mediawiki
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-28203
A denial-of-service issue exists in MediaWiki prior to 1.35.6, 1.36.x prior to 1.36.4, and 1.37.x prior to 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
Mediawiki Mediawiki
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-28204
A denial-of-service issue exists in MediaWiki 1.37.x prior to 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
Mediawiki Mediawiki
4.9
CVSSv3
CVE-2022-39194
An issue exists in MediaWiki up to and including 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2022-34911
An issue exists in MediaWiki prior to 1.35.7, 1.36.x and 1.37.x prior to 1.37.3, and 1.38.x prior to 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the u...
Mediawiki Mediawiki 1.38.0
Mediawiki Mediawiki
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.1
CVSSv3
CVE-2022-34912
An issue exists in MediaWiki prior to 1.37.3 and 1.38.x prior to 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
Mediawiki Mediawiki 1.38.0
Mediawiki Mediawiki
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-34750
An issue exists in MediaWiki up to and including 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack ...
Mediawiki Mediawiki
7.7
CVSSv3
CVE-2022-31090
Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds wit...
Guzzlephp Guzzle
Debian Debian Linux 11.0
7.7
CVSSv3
CVE-2022-31091
Guzzle is an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorizatio...
Guzzlephp Guzzle
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-31042
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server w...
Guzzlephp Guzzle
Drupal Drupal
Drupal Drupal 9.4.0
Debian Debian Linux 11.0