CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2023-22911
https://notcve.org/view.php?id=CVE-2023-22911
10 Jan 2023 — An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41765 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2022-41765
26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. Se descubrió un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. HTMLUserTextField expone la existencia de usuarios ocultos. Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. • https://phabricator.wikimedia.org/T309894 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41767 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2022-41767
26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. Se descubrió un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. Cuando los cambios realizados por una dirección IP se reasignan a un usuario (usando reassignE... • https://phabricator.wikimedia.org/T316304 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44854 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-44854
26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. La API REST almacena en caché públicamente los resultados de wikis privados. Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. • https://phabricator.wikimedia.org/T292763 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-44855 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-44855
26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Hay XSS almacenado a ciegas a través de una URL a la función Cargar imagen. Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. • https://phabricator.wikimedia.org/T293589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44856 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-44856
26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. Se descubrió un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Se puede crear un título bloqueado por AbuseFilter a través de Special:ChangeContentModel debido al mal manejo del valor de retorno del gancho EditFilterMerge... • https://phabricator.wikimedia.org/T271037 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-28203
https://notcve.org/view.php?id=CVE-2022-28203
19 Sep 2022 — A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. Se ha detectado un problema de denegación de servicio en MediaWiki versiones anteriores a 1.35.6, 1.36.x anteriores a 1.36.4 y 1.37.x anteriores a 1.37.2. Cuando se presentan muchos archivos, la petición de Special:NewFiles con actor como condición puede resultar en una consul... • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-28201
https://notcve.org/view.php?id=CVE-2022-28201
19 Sep 2022 — An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.6, 1.36.x anteriores a 1.36.4 y 1.37.x anteriores a 1.37.2. Los usuarios con el permiso editinterface pueden desencadenar una recursión infinita, porque un interwiki local desnudo es manejado inapropi... • https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html • CWE-674: Uncontrolled Recursion •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-39194
https://notcve.org/view.php?id=CVE-2022-39194
02 Sep 2022 — An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. Se ha detectado un problema en MediaWiki versiones hasta 1.38.2. Las páginas de configuración de la comunidad para la extensión GrowthExperiments podían causar que un sitio no estuviera disponible debido a una comprobación insuficiente cuando son llevad... • https://phabricator.wikimedia.org/T313205 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-34911 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2022-34911
02 Jul 2022 — An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). Se ha detectado un problema en MediaWiki versiones ante... • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •