Attacker Value
Unknown

CVE-2023-51704

Disclosure Date: December 22, 2023 (last updated December 30, 2023)
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
Attacker Value
Unknown

CVE-2022-48614

Disclosure Date: December 10, 2023 (last updated December 14, 2023)
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.
Attacker Value
Unknown

CVE-2023-45362

Disclosure Date: November 03, 2023 (last updated November 14, 2023)
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Attacker Value
Unknown

CVE-2023-45360

Disclosure Date: November 03, 2023 (last updated November 10, 2023)
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Attacker Value
Unknown

CVE-2023-45374

Disclosure Date: October 09, 2023 (last updated October 13, 2023)
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Attacker Value
Unknown

CVE-2023-45373

Disclosure Date: October 09, 2023 (last updated October 13, 2023)
An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.
Attacker Value
Unknown

CVE-2023-45372

Disclosure Date: October 09, 2023 (last updated October 13, 2023)
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Attacker Value
Unknown

CVE-2023-45371

Disclosure Date: October 09, 2023 (last updated October 13, 2023)
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.
Attacker Value
Unknown

CVE-2023-45370

Disclosure Date: October 09, 2023 (last updated October 13, 2023)
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.
Attacker Value
Unknown

CVE-2023-45369

Disclosure Date: October 09, 2023 (last updated October 13, 2023)
An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.