69 matches found
CVE-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
Design/Logic Flaw
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...
CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...
CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...
CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...
Code injection
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...
CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...
CVE-2022-28323
CVE-2022-28323 concerns MediaWiki up to 1.37.2 with the SecurePoll extension. The issue is a leak caused by sorting by timestamp being supported, enabling exposure of information that should be restricted. The CVSS metrics indicate base scores of 5.0 (AV:N/AC:L/PR:N/UI:N/S:U/C:P/I:N/A:N) and 7.5 ...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and prior versions, which stems from...
PT-2022-18961 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37.2. Description: An issue was discovered in the SecurePoll extension of MediaWiki, allowing a leak because sorting by timestamp is supported. Recommendations: For MediaWiki versions through 1.37.2, consider...
CVE-2021-46148
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information e.g., IP addresses and User-Agent headers for election traffic on a testwiki SecurePoll instance...
MediaWiki has an unspecified vulnerability (CNVD-2022-03938)
MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from the fact that the product allows...
Design/Logic Flaw
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information e.g., IP addresses and User-Agent headers for election traffic on a testwiki SecurePoll instance...
MediaWiki Information Disclosure Vulnerability
MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from the fact that the product allows...
CVE-2021-46148
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information e.g., IP addresses and User-Agent headers for election traffic on a testwiki SecurePoll instance...
CVE-2021-46148
MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1 contains a CSRF flaw related to MassEditRegex that can be triggered by unprivileged users on testwiki SecurePoll instances. Affected software: MediaWiki; vulnerable component/function: MassEditRegex handling that enable...
PT-2022-12582 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.5; MediaWiki versions 1.36.x prior to 1.36.3; MediaWiki versions 1.37.x prior to 1.37.1. Description: An issue allows some unprivileged users to view confidential information, such as IP addresses and User-Agent...
CVE-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
CVE-2021-42045
CVE-2021-42045 affects MediaWiki’s SecurePoll Growth extension (up to v1.36.2). The issue enables poll alert creation by manipulating the User-Agent header during vote submission. PT Security advisories indicate fixes in newer MediaWiki releases (e.g., 1.36.3+ and 1.37.1+), with broader guidance ...