3 matches found
MediaWiki 跨站脚本漏洞
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from the product's Special:CheckUserLog...
PT-2022-12584 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1 Description: An issue in MediaWiki allows for XSS due to date mishandling in Special:CheckUserLog, as demonstrated by an XS...
CVE-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...