CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2023-22911
https://notcve.org/view.php?id=CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A https://phabricator.wikimedia.org/T149488 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41767
https://notcve.org/view.php?id=CVE-2022-41767
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. Se descubrió un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. Cuando los cambios realizados por una dirección IP se reasignan a un usuario (usando reassignEdits.php), los cambios aún se atribuirán a la dirección IP en Especial: Contribuciones al realizar una búsqueda de rango. • https://phabricator.wikimedia.org/T316304 https://security.gentoo.org/glsa/202305-24 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41765
https://notcve.org/view.php?id=CVE-2022-41765
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. Se descubrió un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. HTMLUserTextField expone la existencia de usuarios ocultos. • https://phabricator.wikimedia.org/T309894 https://security.gentoo.org/glsa/202305-24 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44854
https://notcve.org/view.php?id=CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. La API REST almacena en caché públicamente los resultados de wikis privados. • https://phabricator.wikimedia.org/T292763 https://security.gentoo.org/glsa/202305-24 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-44855
https://notcve.org/view.php?id=CVE-2021-44855
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Hay XSS almacenado a ciegas a través de una URL a la función Cargar imagen. • https://phabricator.wikimedia.org/T293589 https://security.gentoo.org/glsa/202305-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •