16 matches found
EUVD-2021-29035
Malicious code in bioql PyPI...
EUVD-2021-29036
Malicious code in bioql PyPI...
BIT-MEDIAWIKI-2021-42047
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload such as alert via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback...
CVE-2021-42048
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...
CVE-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
CVE-2021-42047
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload such as alert via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback...
CVE-2021-42047
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload such as alert via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback...
Cross site scripting
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload such as alert via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback...
CVE-2021-42045
CVE-2021-42045 affects MediaWiki’s SecurePoll Growth extension (up to v1.36.2). The issue enables poll alert creation by manipulating the User-Agent header during vote submission. PT Security advisories indicate fixes in newer MediaWiki releases (e.g., 1.36.3+ and 1.37.1+), with broader guidance ...
CVE-2021-42047
CVE-2021-42047 concerns the Growth extension in MediaWiki up to 1.36.2 with Mentor Dashboard enabled. The issue allows an authenticated mentor to trigger a stored XSS payload (for example via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback) by logging in as a mentor. Multiple co...
CVE-2021-42047
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload such as alert via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback...
CVE-2021-42048
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...
CVE-2021-42048
CVE-2021-42048 concerns the Growth extension in MediaWiki up to 1.36.2, where any admin can inject arbitrary JavaScript into the Newcomer home page footer, which is then executed by viewers with zero edits. The issue is triggered by admin-written JS on the footer, enabling code execution in end-u...
PT-2021-23486 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.2 Description: An issue was discovered in the Growth extension in MediaWiki. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload, such as an...
PT-2021-23484 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in SecurePoll in the Growth extension, where simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. Recommendations: For...
PT-2021-23487 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in the Growth extension in MediaWiki. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...