CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

DEBIAN-CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVE-2021-30153

Vulnerability summary (CVE-2021-30153) : In MediaWiki, the VisualEditor extension (API path ApiVisualEditor) can disclose that a hidden user exists when editing that user’s page. This affects MediaWiki versions targeting: before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. Impact : potential...

The vulnerability of the VisualEditor component, a software tool for implementing the hypertext environment MediaWiki, allows a attacker to carry out cross-site scripting (XSS) attacks.

The vulnerability of the VisualEditor component, a software tool for implementing the hypertext environment of MediaWiki, exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

MediaWiki Cross-Site Scripting Vulnerability

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a cross-site scripting vulnerability that can be exploited by attackers to inject...

MediaWiki 跨站脚本漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a cross-site scripting vulnerability that can be exploited by attackers to inject...

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: == Security fixes == T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322,...

PT-2022-5002 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1 Description: The issue is related to Blind Stored XSS via a URL to the Upload Image feature. This could allow a remote attacker to conduct a cross-site scriptin...

PT-2023-12138 · Mediawiki +1 · Visualeditor +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31 through 1.31.12 MediaWiki versions 1.32.x through 1.35.1 Description: An issue was discovered in the VisualEditor extension. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden,...

mediawiki -- multiple vulnerabilities

Mediawikwi reports: T285159, CVE-2023-PENDING SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses. T326946, CVE-2020-36649 SECURITY: Bundled PapaParse copy in VisualEditor has known ReDos. T330086, CVE-2023-PENDING SECURITY: OATHAuth allows replay attacks when MediaWiki...

CVE-2019-19708

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute...

MediaWiki VisualEditor Cross-Site Scripting Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems.VisualEditor is a rich text editor extension used in it. A cross-site...

CVE-2019-19708

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute...

CVE-2019-19708

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute...

Cross site scripting

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute...

CVE-2019-19708

The CVE-2019-19708 issue affects the VisualEditor extension for MediaWiki up to version 1.34. The vulnerability arises from improper handling of pasted content, allowing cross-site scripting (XSS) through an element containing a data-ve-clipboard-key attribute. Affected component: VisualEditor in...