File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONTRIB-2024-001

File entity provides interfaces for managing files. It also extends the core file entity, allowing files to be fieldable, grouped into types, viewed using display modes and formatted using field formatters. The module previously did not sufficiently validate files under the scenario of a file...

CVE-2015-2937

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service "quadratic blowup" and memory consumption via an XML file containing an entity declaration with long replacement text and many references to th...