CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-30156
https://notcve.org/view.php?id=CVE-2021-30156
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. Se detectó un problema en MediaWiki versiones anteriores a 1.31.12 y 1.32.xa 1.35.x versiones anteriores a 1.35.2. Special:Contributions pueden filtrar que un usuario "hidden" exista • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT https://phabricator.wikimedia.org/T276306 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-30155
https://notcve.org/view.php?id=CVE-2021-30155
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. Se detectó un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2. La función ContentModelChange no comprueba si un usuario presenta permisos correctos para crear y ajustar el modelo de contenido de una página inexistente • https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT https://phabricator.wikimedia.org/T270988 https://security.gentoo.org/glsa/202107-40 https://www.debian.org/security/2021/dsa-4889 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-30152
https://notcve.org/view.php?id=CVE-2021-30152
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. Se detectó un problema en MediaWiki versiones anteriores a 1.31.13 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2. Cuando es usada la API de MediaWiki para "proteger" una página, un usuario actualmente puede proteger a un nivel más alto del que actualmente posee permisos • https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT https://phabricator.wikimedia.org/T270713 https://security.gentoo.org/glsa/202107-40 https://www.debian.org/security/2021/dsa-4889 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2021-30154
https://notcve.org/view.php?id=CVE-2021-30154
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. Se detectó un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x anteriores a 1.35.2. En Special: NewFiles, todos los mensajes mediastatistics-header-* son generados en HTML sin escape, conllevando a una vulnerabilidad de tipo XSS • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT https://phabricator.wikimedia.org/T278014 https://security.gentoo.org/glsa/202107-40 https://www.debian.org/security/2021/dsa-4889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2021-30157
https://notcve.org/view.php?id=CVE-2021-30157
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. Se detectó un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2. En las páginas especiales de ChangesList, como Special:RecentChanges y Special:Watchlist, algunos de los mensajes de etiqueta rcfilters-filter-* son generados en HTML sin escape, conllevando a una vulnerabilidad de tipo XSS • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT https://phabricator.wikimedia.org/T278058 https://security.gentoo.org/glsa/202107-40 https://www.debian.org/security/2021/dsa-4889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •