82 matches found
CVE-2023-22945
The CVE-2023-22945 entry concerns MediaWiki’s GrowthExperiments extension (through version 1.39) where the growthmanagementorlist API permits blocked users (blocked via ApiManageMentorList) to enroll as mentors or edit any mentorship-related properties. This indicates an authorization check flaw ...
CVE-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...
PT-2023-18788 · Mediawiki +1 · Growthexperiments +1
Name of the Vulnerable Software and Affected Versions: GrowthExperiments extension for MediaWiki versions 1.39 and earlier Description: The issue allows blocked users to enroll as mentors or edit their mentorship-related properties through the "growthmanagementorlist" API endpoint. This affects...
CVE-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...
MediaWiki Security Vulnerability
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation, which can be used to deploy in-house knowledge management and content management systems. An authorization error vulnerability exists in the MediaWiki GrowthExperiments extension, which could be exploited by ...
CVE-2022-39194
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
CVE-2022-39194
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
CVE-2022-39194
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
Input validation
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
CVE-2022-39194
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
CVE-2022-39194
CVE-2022-39194 concerns MediaWiki with GrowthExperiments: insufficient validation on certain actions (e.g., page moves) can render a site unavailable. Within the provided connected documents, there are no explicit details on affected versions, the exact root cause beyond the general validation ga...
MediaWiki Resource Management Error Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A resource management error vulnerability exists in MediaWiki version 1.38.2, which stems from th...
PT-2022-24796 · Unknown +2 · Growthexperiments +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.38.2 and earlier Description: An issue was discovered in the community configuration pages for the GrowthExperiments extension, which could cause a site to become unavailable due to insufficient validation when certain...
CVE-2021-42042
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript...
CVE-2021-42044
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...
CVE-2021-42044
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...
Design/Logic Flaw
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...
CVE-2021-42042
CVE-2021-42042 concerns MediaWiki’s GrowthExperiments extension, specifically the SpecialEditGrowthConfig vulnerability where the growthexperiments-edit-config-error-invalid-title message was not sanitized. This allowed injection and execution of HTML/JavaScript. The description lists the affecte...
CVE-2021-42042
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript...
CVE-2021-42044
CVE-2021-42044 (MediaWiki): The issue affects the Mentor dashboard in the GrowthExperiments extension up to MediaWiki 1.36.2, where specific mentor- and mentee-related messages (e.g., add-filter-total-edits, info-text, info-legend, active-ago) were not properly sanitized. This allows injec...