Search CVE reports


Toggle filters

101 – 110 of 345 results


CVE-2023-45363

Medium priority
Needs evaluation

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException)...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-3550

Medium priority
Needs evaluation

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-36674

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Needs evaluation Ignored Ignored
Show less packages

CVE-2023-37305

Medium priority
Needs evaluation

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-37304

Medium priority
Needs evaluation

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-37303

Medium priority
Needs evaluation

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-37302

Medium priority
Needs evaluation

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js)...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-37301

Medium priority
Needs evaluation

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-37300

Medium priority
Needs evaluation

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-36675

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages