wikimedia vulnerabilities and exploits
383
VMScore
CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0...
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
383
VMScore
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
383
VMScore
CVE-2019-19329
In Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: th...
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
383
VMScore
CVE-2021-30458
An issue exists in Wikimedia Parsoid prior to 0.11.1 and 0.12.x prior to 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.
Wikimedia Parsoid
383
VMScore
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web prior to 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
Wikimedia Analytics-quarry-web
NA
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated...
Wikimedia Mediawiki-extensions-i18ntags
356
VMScore
CVE-2020-27621
The FileImporter extension in MediaWiki up to and including 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forward...
Mediawiki Mediawiki
605
VMScore
CVE-2019-12466
Wikimedia MediaWiki up to and including 1.32.1 allows CSRF.
Mediawiki Mediawiki
Debian Debian Linux 9.0
356
VMScore
CVE-2019-12470
Wikimedia MediaWiki up to and including 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
445
VMScore
CVE-2019-12474
Wikimedia MediaWiki 1.23.0 up to and including 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0