CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45474
https://notcve.org/view.php?id=CVE-2021-45474
24 Dec 2021 — In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. En MediaWiki versiones hasta 1.37, el URI Special:ImportFile (también conocido como FileImporter) permite el XSS, como lo demuestra el parámetro clientUrl • https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44858 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-44858
20 Dec 2021 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x versiones anteriores a 1.36.3 y 1.37.x versiones anteriores a 1.37.1. Es posible usar action=edit&undo= seguido de action=mcrundo y action=mcrrestor... • https://phabricator.wikimedia.org/T297322 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-45038 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-45038
17 Dec 2021 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. Se ha detectado un problema en MediaWiki versiones anteriores a versión 1.35.5, versiones 1.36.x anteriores a 1.36.3 y versiones 1.37.x anteriores a 1.37.1. Usando una consulta action=rollback, los atacantes pueden visualizar contenidos privados del wiki Multiple security issues were discovered in MediaWiki, a website engine actions ... • https://phabricator.wikimedia.org/T297574 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44857 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-44857
17 Dec 2021 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, versiones 1.36.x anteriores a 1.36.3 y versiones 1.37.x anteriores a 1.37.1. Es... • https://phabricator.wikimedia.org/T297322 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41801 – Debian Security Advisory 4979-1
https://notcve.org/view.php?id=CVE-2021-41801
11 Oct 2021 — The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog) La extensión ReplaceText hasta la 1.41 para MediaWiki presenta un Control de Acceso Incorrecto. Cuando un usuario está bloqueado después de enviar un trabajo de reemplazo, el trabajo se sigue ejecutando, incluso si es posible ejecutar en un momento posterior (debido a una cola de es... • https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41798 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-41798
11 Oct 2021 — MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. MediaWiki versiones anteriores a 1.36.2, permite una vulnerabilidad de tipo XSS. Los mensajes de MediaWiki relacionados con el mes no se escapan antes de ser usados en la página de resultados Special:Search Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and a bypass ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41800 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-41800
11 Oct 2021 — MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de consultas). Visitando Special:Contributions puede resultar a veces en una consulta SQL de larga duración porque la protección de... • https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41799 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-41799
11 Oct 2021 — MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de la consulta). ApiQueryBacklinks (action=query&list=backlinks) puede causar un escaneo completo de la tabla Multiple security issues were found in MediaWiki, a website engine... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42045
https://notcve.org/view.php?id=CVE-2021-42045
06 Oct 2021 — An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. Se ha detectado un problema en SecurePoll en la extensión Growth en MediaWiki versiones hasta 1.36.2. Las encuestas simples permiten a los usuarios crear alertas cambiando su encabezado HTTP User-Agent y enviando un voto • https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42046
https://notcve.org/view.php?id=CVE-2021-42046
06 Oct 2021 — An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. Se ha detectado un problema en la extensión GlobalWatchlist de MediaWiki versiones hasta 1.36.2. Los mensajes rev-deleted-user y ntimes no son escapados apropiadamente y permitían a usuarios inyectar HTML y JavaScript • https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •