
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2023 — A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. • https://github.com/wikisource/ws-cat-browser/commit/764f4e8ce3f9242637df77530c70ae8a2ec4b6a1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 1

12 Jan 2023 — An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. • https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Jan 2023 — In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. • https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88 • CWE-863: Incorrect Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 6 • EXPL: 1

10 Jan 2023 — An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jan 2023 — An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. • https://phabricator.wikimedia.org/T316304

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. • https://phabricator.wikimedia.org/T292763

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. • https://phabricator.wikimedia.org/T309894 • CWE-203: Observable Discrepancy

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. • https://phabricator.wikimedia.org/T271037 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 1

26 Dec 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. • https://phabricator.wikimedia.org/T293589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')