CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34502
https://notcve.org/view.php?id=CVE-2024-34502
05 May 2024 — An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. Se descubrió un problema en WikibaseLexeme en MediaWiki antes de 1.39.6, 1.40.x antes de 1.40.2 y 1.41.x antes de 1.41.1. Cargando especial: MergeLexemes (intentará) realizar una edición que combine el ID ... • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34506
https://notcve.org/view.php?id=CVE-2024-34506
05 May 2024 — An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. Se descubrió un problema en include/specials/SpecialMovePage.php en MediaWiki antes de 1.39.7, 1.40.x antes de 1.40.3 y 1.41.x antes de 1.41.1. Si un usuario con lo... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34507
https://notcve.org/view.php?id=CVE-2024-34507
05 May 2024 — An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. Se descubrió un problema en include/CommentFormatter/CommentParser.php en MediaWiki antes de 1.39.7, 1.40.x antes de 1.40.3 y 1.41.x antes de 1.41.1. XSS puede ocurrir debido a un mal manejo del carácter 0x1b, como lo demuestra Special:RecentChanges#%1... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29134
https://notcve.org/view.php?id=CVE-2023-29134
27 Mar 2024 — An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit. Se descubrió un problema en la extensión Cargo para MediaWiki hasta la versión 1.39.3. Hay un mal manejo de las comillas invertidas en smartSplit. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/895774 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-23171
https://notcve.org/view.php?id=CVE-2024-23171
12 Jan 2024 — An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n). Se descubrió un problema en la extensión CampaignEvents en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. La página Special:EventDetails permite XSS a través de la configuración de idioma x-xss para la internacionali... • https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-23172
https://notcve.org/view.php?id=CVE-2024-23172
12 Jan 2024 — An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog. Se descubrió un problema en la extensión CheckUser en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. XSS puede ocurrir a través de definiciones de mensajes. por ejemplo, en SpecialCheckUserLog. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 1CVE-2024-23173
https://notcve.org/view.php?id=CVE-2024-23173
12 Jan 2024 — An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. Se descubrió un problema en la extensión Cargo en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. La página Special:Drilldown permite XSS a través de los parámetros artist, album y... • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-23174
https://notcve.org/view.php?id=CVE-2024-23174
12 Jan 2024 — An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. Se descubrió un problema en la extensión PageT... • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23177
https://notcve.org/view.php?id=CVE-2024-23177
12 Jan 2024 — An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. Se descubrió un problema en la extensión WatchAnalytics en MediaWiki antes de la versión 1.40.2. XSS puede ocurrir a través del parámetro de página Special:PageStatistics. • https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23178
https://notcve.org/view.php?id=CVE-2024-23178
12 Jan 2024 — An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. Se descubrió un problema en la extensión Phonos en MediaWiki antes de la versión 1.40.2. PhonosButton.js permite XSS basado en i18n a través del mensaje de error phonos-purge-needed-error. • https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •