Vulmon
wikimedia vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0...
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
6.1
CVSSv3
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
6.1
CVSSv3
CVE-2019-19329
In Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: th...
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
6.1
CVSSv3
CVE-2021-30458
An issue exists in Wikimedia Parsoid prior to 0.11.1 and 0.12.x prior to 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.
Wikimedia Parsoid
6.1
CVSSv3
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated...
Wikimedia Mediawiki-extensions-i18ntags
6.1
CVSSv3
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web prior to 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
Wikimedia Analytics-quarry-web
4.3
CVSSv3
CVE-2020-27621
The FileImporter extension in MediaWiki up to and including 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forward...
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2019-12466
Wikimedia MediaWiki up to and including 1.32.1 allows CSRF.
Mediawiki Mediawiki
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2019-12470
Wikimedia MediaWiki up to and including 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Mediawiki Mediawiki
Debian Debian Linux 9.0