CVE-2022-34911
https://notcve.org/view.php?id=CVE-2022-34911
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.7, 1.36.x y 1.37.x anteriores a 1.37.3, y 1.38.x anteriores a 1.38.1. Un ataque de tipo XSS puede ocurrir en configuraciones que permiten una carga útil de JavaScript en un nombre de usuario. • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://phabricator.wikimedia.org/T308471 https://security.gentoo.org/glsa/202305-24 https://www.debian.org/security/2022/dsa-5246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-34912
https://notcve.org/view.php?id=CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. Se ha descubierto un problema en MediaWiki versiones anteriores a 1.37.3 y en versiones 1.38.x anteriores a 1.38.1. El contributions-title, usa en Special:Contributions, es usadao como título de la página sin escapar. • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://phabricator.wikimedia.org/T308473 https://security.gentoo.org/glsa/202305-24 https://www.debian.org/security/2022/dsa-5246 •
CVE-2022-34750
https://notcve.org/view.php?id=CVE-2022-34750
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. Se ha detectado un problema en MediaWiki versiones hasta 1.38.1. • https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742 https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9 https://phabricator.wikimedia.org/T308659 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-28323
https://notcve.org/view.php?id=CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, Se ha detectado un problema en MediaWiki versiones hasta 1.37.2. La extensión SecurePoll permite un filtrado porque es admitida una ordenación por marca de tiempo • https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893 https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d https://phabricator.wikimedia.org/T298434 •
CVE-2022-29903
https://notcve.org/view.php?id=CVE-2022-29903
The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains. La extensión Private Domains para MediaWiki versiones hasta 1.37.2, (anteriores a 1ad65d4c1c199b375ea80988d99ab51ae068f766) permite una vulnerabilidad de tipo CSRF para la edición de páginas que almacenan la configuración de la extensión. El atacante debe lanzar una petición POST a Special:PrivateDomains • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416 https://phabricator.wikimedia.org/T306290 • CWE-352: Cross-Site Request Forgery (CSRF) •