NotCVE - vendor:"Mediawiki" product:"Mediawiki" version:" <= 1.35.0"

364 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-32700 – AbuseFilter log interfaces expose global private and hidden filters when central DB is not available

https://notcve.org/view.php?id=CVE-2025-32700

10 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, ... • https://phabricator.wikimedia.org/T389235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2025-32699 – Potential javascript injection attack enabled by Unicode normalization in Action API

https://notcve.org/view.php?id=CVE-2025-32699

10 Apr 2025 — Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T387130 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2025-32698 – LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions

https://notcve.org/view.php?id=CVE-2025-32698

10 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T385958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2025-32697 – Cascading protection is not preventing file reversions

https://notcve.org/view.php?id=CVE-2025-32697

10 Apr 2025 — Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T140010 • CWE-281: Improper Preservation of Permissions •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2025-32696 – "reupload-own" restriction can be bypassed by reverting file

https://notcve.org/view.php?id=CVE-2025-32696

10 Apr 2025 — Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T304474 • CWE-281: Improper Preservation of Permissions •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-40600

https://notcve.org/view.php?id=CVE-2024-40600

06 Jul 2024 — An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. Se descubrió un problema en el aspecto Metrolook para MediaWiki hasta la versión 1.42.1. Hay XSS almacenado a través de MediaWiki: entradas del menú de nivel superior de la barra lateral. • https://phabricator.wikimedia.org/T361449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-40601

https://notcve.org/view.php?id=CVE-2024-40601

06 Jul 2024 — An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. Se descubrió un problema en la extensión MediaWikiChat para MediaWiki hasta 1.42.1. Puede ocurrir CSRF en módulos API. • https://phabricator.wikimedia.org/T362588 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-40602

https://notcve.org/view.php?id=CVE-2024-40602

06 Jul 2024 — An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. Se descubrió un problema en el aspecto Tempo de MediaWiki hasta la versión 1.42.1. Hay XSS almacenado a través de MediaWiki: entradas del menú de nivel superior de la barra lateral. • https://phabricator.wikimedia.org/T361451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-40603

https://notcve.org/view.php?id=CVE-2024-40603

06 Jul 2024 — An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request. Se descubrió un problema en la extensión ArticleRatings para MediaWiki hasta la versión 1.42.1. Especial: ChangeRating permite a CSRF modificar datos mediante una solicitud GET. • https://phabricator.wikimedia.org/T363884 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-40604

https://notcve.org/view.php?id=CVE-2024-40604

06 Jul 2024 — An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries. Se descubrió un problema en el aspecto Nimbus para MediaWiki hasta la versión 1.42.1. Hay XSS almacenado a través de MediaWiki: menú de la barra lateral de Nimbus y entradas del submenú. • https://phabricator.wikimedia.org/T361450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5