
CVE-2024-23178
https://notcve.org/view.php?id=CVE-2024-23178
12 Jan 2024 — An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. • https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-23179
https://notcve.org/view.php?id=CVE-2024-23179
12 Jan 2024 — An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks. • https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-51704
https://notcve.org/view.php?id=CVE-2023-51704
22 Dec 2023 — An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. • https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-48614
https://notcve.org/view.php?id=CVE-2022-48614
10 Dec 2023 — Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. • https://github.com/SemanticMediaWiki/SemanticMediaWiki/issues/5262 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45359 – Debian Security Advisory 5520-1
https://notcve.org/view.php?id=CVE-2023-45359
11 Oct 2023 — An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure. • https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c • CWE-116: Improper Encoding or Escaping of Output

CVE-2023-45360 – Debian Security Advisory 5520-1
https://notcve.org/view.php?id=CVE-2023-45360
11 Oct 2023 — An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45361 – Debian Security Advisory 5520-1
https://notcve.org/view.php?id=CVE-2023-45361
11 Oct 2023 — An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure. • https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c

CVE-2023-45362 – Debian Security Advisory 5520-1
https://notcve.org/view.php?id=CVE-2023-45362
11 Oct 2023 — An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. • https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

CVE-2023-45367
https://notcve.org/view.php?id=CVE-2023-45367
09 Oct 2023 — An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service. • https://phabricator.wikimedia.org/T344923

CVE-2023-45369
https://notcve.org/view.php?id=CVE-2023-45369
09 Oct 2023 — An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676 • CWE-732: Incorrect Permission Assignment for Critical Resource