Lucene search
K

120 matches found

BDU FSTEC
BDU FSTEC
added 2024/04/10 12:0 a.m.8 views

The vulnerability of the CheckUser extension of the software environment for implementing MediaWiki’s hypertext environment allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the CheckUser extension of the MediaWiki software environment exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks through message definitions. For...

5.5CVSS5.6AI score0.00474EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/09 12:0 a.m.7 views

The vulnerability of the CheckUser extension of the software environment for implementing MediaWiki’s hypertext environment allows a violator to cause a service failure.

The vulnerability of the CheckUser extension of the MediaWiki software environment relates to the use of the URL address rest.php/checkuser/v0/useragentclienthints/revision/, which is used to store any number of lines in cuuseragentclienthints. Exploiting this vulnerability could allow a maliciou...

6.8CVSS6.5AI score0.00543EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2024/03/06 11:12 a.m.14 views

BIT-MEDIAWIKI-2021-31553

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

6.5CVSS6.4AI score0.014EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 11:0 a.m.15 views

BIT-MEDIAWIKI-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...

5.3CVSS5.2AI score0.00672EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 10:56 a.m.21 views

BIT-MEDIAWIKI-2024-23172

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...

5.4CVSS5.3AI score0.00474EPSS
Exploits1References3
NVD
NVD
added 2024/01/12 5:15 a.m.28 views

CVE-2024-23172

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...

5.4CVSS5.3AI score0.00474EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.5 views

PT-2024-2676 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the CheckUser extension allows XSS to occur via message definitions, for example, in...

5.5CVSS5.9AI score0.00474EPSS
Exploits1References10
Prion
Prion
added 2023/10/09 5:15 a.m.24 views

Design/Logic Flaw

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cuuseragentclienthints, leading to a...

4CVSS6.5AI score0.00543EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/10/09 12:0 a.m.6 views

MediaWiki Security Breach

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from a CheckUser extension user can...

6.5CVSS6.8AI score0.00543EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/06/30 5:15 p.m.4 views

CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...

5.3CVSS6AI score0.00672EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/06/30 5:15 p.m.6 views

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

9.8CVSS7.3AI score0.00953EPSS
Exploits1References3
Prion
Prion
added 2023/06/30 5:15 p.m.20 views

Improper access control

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...

5CVSS5.3AI score0.00672EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/06/30 5:15 p.m.1 views

UBUNTU-CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...

5.3CVSS5.8AI score0.00672EPSS
Exploits1References4
OSV
OSV
added 2023/06/30 5:15 p.m.2 views

UBUNTU-CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

9.8CVSS7.3AI score0.00953EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/30 12:0 a.m.5 views

MediaWiki 安全漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.CheckUser extension is one of the user information checking extensions. A security vulnerability...

5.3CVSS5.6AI score0.00672EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.4 views

PT-2023-25894 · Mediawiki +1 · Mediawiki Checkuser Extension +1

Name of the Vulnerable Software and Affected Versions: CheckUser extension for MediaWiki versions through 1.39.3 Description: An issue was discovered in certain situations where an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

9.8CVSS6.1AI score0.22699EPSS
Exploits27References106
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.6 views

PT-2023-25891 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.3 Description: An issue was discovered in the "CheckUserLog API" in the CheckUser extension for MediaWiki. There is incorrect access control for visibility of hidden users. Recommendations:...

9.8CVSS6.2AI score0.22699EPSS
Exploits27References106
UbuntuCve
UbuntuCve
added 2023/06/30 12:0 a.m.16 views

CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...

5.3CVSS6.1AI score0.00672EPSS
Exploits1References3
CVE
CVE
added 2023/06/30 12:0 a.m.60 views

CVE-2023-37303

CVE-2023-37303 affects MediaWiki’s CheckUser extension up to 1.39.3, where attempting to block a user can hang the browser and trigger a DBQueryDisconnectedError, potentially impacting availability of user-blocking functionality. Connected advisories corroborate a vulnerability in MediaWiki-relat...

9.8CVSS9.3AI score0.00953EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/06/30 12:0 a.m.5 views

MediaWiki 安全漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.CheckUser extension is one of the user information checking extensions. A security vulnerability...

9.8CVSS8.1AI score0.00953EPSS
Exploits1References3
Rows per page
Query Builder