CVE-2024-23172
https://notcve.org/view.php?id=CVE-2024-23172
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.
• https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179
• https://phabricator.wikimedia.org/T347708
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51704
https://notcve.org/view.php?id=CVE-2023-51704
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
• https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY
• https://phabricator.wikimedia.org/T347726
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-48614
https://notcve.org/view.php?id=CVE-2022-48614
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.
• https://github.com/SemanticMediaWiki/SemanticMediaWiki/issues/5262
• https://www.semantic-mediawiki.org/wiki/Semantic_MediaWiki_4.0.2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45360
https://notcve.org/view.php?id=CVE-2023-45360
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY
• https://phabricator.wikimedia.org/T340221
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45362
https://notcve.org/view.php?id=CVE-2023-45362
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
• https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY
• https://phabricator.wikimedia.org/T341529