17 matches found
MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities
MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2025-49579
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...
CVE-2025-49579
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...
CVE-2025-49579
CVE-2025-49579 affects the Citizen MediaWiki skin. The vulnerability arises because all system messages in Menu.mustache are inserted as raw HTML, enabling stored XSS when a user with editinterface but lacking editsitejs can edit messages. Affected versions are prior to Citizen 3.3.1, with fixed ...
CVE-2025-49579 Citizen allows stored XSS in menu heading message
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...
CVE-2025-49579
creationtimestamp| type| source
---|---|---
2025-06-11 23:03:32+00:00| published-proof-of-concept| https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv
2025-06-12 19:33:48+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18216...
Linux Distros Unpatched Vulnerability : CVE-2022-49579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add...
CVE-2022-49579
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2022-49579
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2022-49579
CVE-2022-49579: In the Linux kernel, a data race around ipv4_fib_multipath_hash_policy was resolved by adding READ_ONCE() guards to readers of sysctl_fib_multipath_hash_policy. Affected component: kernel IPv4 multipath hash policy reader; root cause: concurrent modification during reads; impact: ...
CVE-2022-49579 ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
JetBrains YouTrack < 2024.3.47197 Arbitrary Code Execution
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47197. It is, therefore, affected by a vulnerability as referenced in the 2024347197 advisory. - Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests (JT-85294). Note that Nessus...
CVE-2024-49579
creationtimestamp| type| source
---|---|---
2024-10-17 15:48:21+00:00| seen| https://t.me/cvedetector/8171...
CVE-2024-49579
JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
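Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
BUGTRAQ ID: 49579 CVE ID: CVE-2011-2437 Adobe Reader, also known as Acrobat Reader, is a PDF document reader developed by the US company Adobe. Acrobat is a product line launched in 1993 for enterprises, technical staff and creative professionals that makes the delivery of, and collaboration on, intelligent documents more flexible, reliable and secure. Adobe Acrobat and Reader contain a remote heap buffer overflow vulnerability in their implementation, which a remote attacker can exploit to execute arbitrary code with the privileges of the current user...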