Search CVE reports
1 – 10 of 256 results
CVE-2023-45361
Medium priorityAn issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-45359
Medium priorityAn issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2024-47913
Medium priorityAn issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-36123
Medium priorityCitizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-34507
Medium priorityAn issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-34506
Medium priorityAn issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2023-51704
Medium priorityAn issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2022-48614
Medium prioritySpecial:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-45362
Medium priorityAn issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-45360
Medium priorityAn issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to...
1 affected packages
mediawiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |