120 matches found
Format string
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
PT-2021-19424 · Mediawiki +1 · Checkuser Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages...
Unspecified vulnerability in MediaWiki CheckUser extension
MediaWiki is a free and freely available web-based Wiki engine from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. checkUser extension is one of the user information checking extensions. A...
CVE-2019-16529
An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model...
CVE-2019-18611
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...
CVE-2019-18611
CVE-2019-18611 affects the MediaWiki CheckUser extension (up to v1.34). The issue enables certain sensitive information contained in oversighted edit summaries to be visible via the MediaWiki API to users with varying access levels. Underlying cause and impact are that confidentiality can be part...
MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities
Binary data 9471.prm...
MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2015-02413)
MediaWiki is a Wiki program. A cross-site request forgery vulnerability exists in the MediaWiki CheckUser extension. A remote attacker can exploit this vulnerability to retrieve sensitive user information...
CVE-2015-2940
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
CVE-2015-2940
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
DEBIAN-CVE-2015-2940
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
CVE-2015-2940
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
UBUNTU-CVE-2015-2940
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
CVE-2015-2940
CVE-2015-2940 is a CSRF flaw in the MediaWiki CheckUser extension that can allow a remote attacker to hijack a user’s session and retrieve sensitive information. The connected advisories corroborate this as part of multiple vulnerabilities affecting MediaWiki, with remediation guidance to upgrade...
CVE-2015-2940
Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...
CVE-2013-4306
Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...
CVE-2013-4306
CVE-2013-4306 is a CSRF vulnerability in the CheckUser extension for MediaWiki (api/ApiQueryCheckUser.php), possibly affecting Checkuser before 2.3, allowing remote attackers to hijack user sessions for requests that perform sensitive write actions. Public documents confirm affected component and...