120 matches found
The vulnerability of the CheckUser extension of the software environment for implementing MediaWiki’s hypertext environment allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the CheckUser extension of the MediaWiki software environment exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks through message definitions. For...
The vulnerability of the CheckUser extension of the software environment for implementing MediaWiki’s hypertext environment allows a violator to cause a service failure.
The vulnerability of the CheckUser extension of the MediaWiki software environment relates to the use of the URL address rest.php/checkuser/v0/useragentclienthints/revision/, which is used to store any number of lines in cuuseragentclienthints. Exploiting this vulnerability could allow a maliciou...
BIT-MEDIAWIKI-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
BIT-MEDIAWIKI-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
BIT-MEDIAWIKI-2024-23172
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...
CVE-2024-23172
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...
PT-2024-2676 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the CheckUser extension allows XSS to occur via message definitions, for example, in...
Design/Logic Flaw
An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cuuseragentclienthints, leading to a...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from a CheckUser extension user can...
CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
CVE-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
Improper access control
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
UBUNTU-CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
UBUNTU-CVE-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
MediaWiki 安全漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.CheckUser extension is one of the user information checking extensions. A security vulnerability...
PT-2023-25894 · Mediawiki +1 · Mediawiki Checkuser Extension +1
Name of the Vulnerable Software and Affected Versions: CheckUser extension for MediaWiki versions through 1.39.3 Description: An issue was discovered in certain situations where an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
PT-2023-25891 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.3 Description: An issue was discovered in the "CheckUserLog API" in the CheckUser extension for MediaWiki. There is incorrect access control for visibility of hidden users. Recommendations:...
CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
CVE-2023-37303
CVE-2023-37303 affects MediaWiki’s CheckUser extension up to 1.39.3, where attempting to block a user can hang the browser and trigger a DBQueryDisconnectedError, potentially impacting availability of user-blocking functionality. Connected advisories corroborate a vulnerability in MediaWiki-relat...
MediaWiki 安全漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.CheckUser extension is one of the user information checking extensions. A security vulnerability...