Search CVE reports



1 – 10 of 256 results


CVE-2023-45361

Medium priority
Needs evaluation

An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to...

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2023-45359

Medium priority
Needs evaluation

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2024-47913

Medium priority
Needs evaluation

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is...

1 affected package

mediawiki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-36123

Medium priority
Needs evaluation

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including JavaScript) can be injected by someone with the ability to...

1 affected package

mediawiki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-34507

Medium priority
Needs evaluation

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by...

1 affected package

mediawiki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mediawiki Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2024-34506

Medium priority
Needs evaluation

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page...

1 affected package

mediawiki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mediawiki Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2023-51704

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2022-48614

Medium priority
Needs evaluation

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2023-45362

Medium priority
Needs evaluation

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores...

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2023-45360

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to...

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |