Lucene search
K

120 matches found

Prion
Prion
added 2021/04/22 3:15 a.m.14 views

Format string

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

6.4CVSS6.4AI score0.014EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/22 12:0 a.m.4 views

PT-2021-19424 · Mediawiki +1 · Checkuser Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages...

9.8CVSS6AI score0.03832EPSS
Exploits18References79
CNVD
CNVD
added 2020/03/20 12:0 a.m.4 views

Unspecified vulnerability in MediaWiki CheckUser extension

MediaWiki is a free and freely available web-based Wiki engine from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. checkUser extension is one of the user information checking extensions. A...

5.3CVSS6.4AI score0.0087EPSS
Exploits0References1
OSV
OSV
added 2020/03/19 11:15 p.m.8 views

CVE-2019-16529

An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model...

5.3CVSS6.9AI score
Exploits0References2
Cvelist
Cvelist
added 2019/10/29 3:41 p.m.26 views

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

6.5AI score0.00926EPSS
Exploits0References2
CVE
CVE
added 2019/10/29 3:41 p.m.51 views

CVE-2019-18611

CVE-2019-18611 affects the MediaWiki CheckUser extension (up to v1.34). The issue enables certain sensitive information contained in oversighted edit summaries to be visible via the MediaWiki API to users with varying access levels. Underlying cause and impact are that confidentiality can be part...

6.5CVSS6.4AI score0.00926EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/08/05 12:0 a.m.24 views

MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities

Binary data 9471.prm...

7.1CVSS7.3AI score0.02834EPSS
Exploits4References14
CNVD
CNVD
added 2015/04/14 12:0 a.m.5 views

MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2015-02413)

MediaWiki is a Wiki program. A cross-site request forgery vulnerability exists in the MediaWiki CheckUser extension. A remote attacker can exploit this vulnerability to retrieve sensitive user information...

6.8CVSS6.9AI score0.01103EPSS
Exploits0References1
NVD
NVD
added 2015/04/13 2:59 p.m.14 views

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.8CVSS6.6AI score0.01103EPSS
Exploits0References7
OSV
OSV
added 2015/04/13 2:59 p.m.7 views

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.5AI score
Exploits0References8
OSV
OSV
added 2015/04/13 2:59 p.m.2 views

DEBIAN-CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.8CVSS6.8AI score0.01103EPSS
Exploits0References1
Prion
Prion
added 2015/04/13 2:59 p.m.9 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.8CVSS7.1AI score0.01103EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2015/04/13 2:59 p.m.20 views

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.8CVSS5.9AI score0.01103EPSS
Exploits0References3
OSV
OSV
added 2015/04/13 2:59 p.m.3 views

UBUNTU-CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.8CVSS5.8AI score0.01103EPSS
Exploits0References4
CVE
CVE
added 2015/04/13 2:0 p.m.64 views

CVE-2015-2940

CVE-2015-2940 is a CSRF flaw in the MediaWiki CheckUser extension that can allow a remote attacker to hijack a user’s session and retrieve sensitive information. The connected advisories corroborate this as part of multiple vulnerabilities affecting MediaWiki, with remediation guidance to upgrade...

6.8CVSS6.6AI score0.01103EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2015/04/13 2:0 p.m.28 views

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

6.8CVSS6.4AI score0.01103EPSS
Exploits0
Mageia
Mageia
added 2015/04/09 10:44 p.m.40 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...

7.1CVSS6.3AI score0.0271EPSS
Exploits1References3
Prion
Prion
added 2013/10/11 9:55 p.m.22 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...

6.8CVSS7.7AI score0.00897EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/10/11 9:0 p.m.29 views

CVE-2013-4306

Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...

7.9AI score0.00897EPSS
Exploits0References7
CVE
CVE
added 2013/10/11 9:0 p.m.52 views

CVE-2013-4306

CVE-2013-4306 is a CSRF vulnerability in the CheckUser extension for MediaWiki (api/ApiQueryCheckUser.php), possibly affecting Checkuser before 2.3, allowing remote attackers to hijack user sessions for requests that perform sensitive write actions. Public documents confirm affected component and...

6.8CVSS7.8AI score0.00897EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder