CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

CVE•added 2024/02/08 10:46 p.m.•62 views

CVE-2024-25107

WikiDiscover, an extension for CreateWiki, contains an XSS vulnerability in Special:WikiDiscover where Language::date uses unescaped interface messages from MONTH/DAY translations, yielding unescaped output. Exploitation requires the (editinterface) right. The issue is addressed in commit 267e763...

6.1CVSS5.9AI score0.00218EPSS

Exploits0References3Affected Software1

CNNVD•added 2024/02/08 12:0 a.m.•2 views

WikiDiscover Cross-Site Scripting Vulnerability

WikiDiscover is a Miraheze open source extension for CreateWiki hosted farms. A cross-site scripting vulnerability exists in previous versions of WikiDiscover 267e763a0d7460f001693c42f67717a0fc3fd6bb. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

6.1CVSS6.1AI score0.00218EPSS

Exploits0References4

NVD•added 2022/04/04 6:15 p.m.•5 views

CVE-2022-24813

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...

5.3CVSS0.00234EPSS

Exploits0References3

Prion•added 2022/04/04 6:15 p.m.•9 views

Code injection

5CVSS5.3AI score0.00234EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2022/04/04 5:40 p.m.•4 views

CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki

5.3CVSS5.3AI score0.00234EPSS

Exploits0References3

Cvelist•added 2022/04/04 5:40 p.m.•12 views

CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki

5.3CVSS5.5AI score0.00234EPSS

Exploits0References3

CVE•added 2022/04/04 5:40 p.m.•68 views

CVE-2022-24813

Affected software: CreateWiki, the Miraheze MediaWiki extension for requesting and creating wikis. Issue: anonymous comments can be submitted via POST to Special:RequestWikiQueue due to missing access control. Evidence in connected sources shows a patch exists in the master branch of CreateWiki's...

5.3CVSS5.2AI score0.00234EPSS

Exploits0References3Affected Software1

OSV•added 2022/04/04 5:40 p.m.•11 views

CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki

5.3CVSS5.5AI score0.00234EPSS

Exploits0References5

Positive Technologies•added 2022/04/04 12:0 a.m.•1 views

PT-2022-16893 · Miraheze · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent...

5.3CVSS5AI score0.00234EPSS

Exploits0References7

CNNVD•added 2022/04/04 12:0 a.m.•2 views

CreateWiki 授权问题漏洞

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from the ability to use Special:RequestWikiQueue for anonymous comments when sent directly via POST...

5.3CVSS5.7AI score0.00234EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by