Page 7 of 274 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. • https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34 https://phabricator.wikimedia.org/T326952 • CWE-203: Observable Discrepancy •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. • https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a https://phabricator.wikimedia.org/T330968 • CWE-863: Incorrect Authorization •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663 https://phabricator.wikimedia.org/T250720 • CWE-326: Inadequate Encryption Strength •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. • https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0 https://phabricator.wikimedia.org/T338276 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. • https://phabricator.wikimedia.org/T333980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •