CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22909
https://notcve.org/view.php?id=CVE-2023-22909
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A https://phabricator.wikimedia.org/T320987 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44856
https://notcve.org/view.php?id=CVE-2021-44856
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Se puede crear un título bloqueado por AbuseFilter a través de Special:ChangeContentModel debido al mal manejo del valor de retorno del gancho EditFilterMergedContent. • https://phabricator.wikimedia.org/T271037 https://security.gentoo.org/glsa/202305-24 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-44855
https://notcve.org/view.php?id=CVE-2021-44855
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Hay XSS almacenado a ciegas a través de una URL a la función Cargar imagen. • https://phabricator.wikimedia.org/T293589 https://security.gentoo.org/glsa/202305-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44854
https://notcve.org/view.php?id=CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. La API REST almacena en caché públicamente los resultados de wikis privados. • https://phabricator.wikimedia.org/T292763 https://security.gentoo.org/glsa/202305-24 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41765
https://notcve.org/view.php?id=CVE-2022-41765
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. Se descubrió un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. HTMLUserTextField expone la existencia de usuarios ocultos. • https://phabricator.wikimedia.org/T309894 https://security.gentoo.org/glsa/202305-24 • CWE-203: Observable Discrepancy •