17 matches found
EUVD-2024-22469
Malicious code in bioql PyPI...
EUVD-2024-42686
Malicious code in bioql PyPI...
CVE-2024-25107
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2024-47782
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
CVE-2024-47782
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
Cross-site Scripting
Overview Affected versions of this package are vulnerable to Cross-site Scripting due to improper wiki name or description sanitization in the Special:WikiDiscover page. Workaround This vulnerability can be mitigated by blocking access to Special:WikiDiscover if unable to upgrade. Remediation A f...
CVE-2024-47782 Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
WikiDiscover 安全漏洞
WikiDiscover is a Miraheze open source extension for CreateWiki hosted farms. A security vulnerability exists in WikiDiscover that stems from not performing any escaping of the wiki's name or description. An attacker exploited the vulnerability to perform a cross-site scripting attack...
PT-2024-32814 · Unknown · Wikidiscover
Name of the Vulnerable Software and Affected Versions: WikiDiscover affected versions not specified Description: The issue concerns WikiDiscover, an extension for displaying wikis on a CreateWiki managed farm. A special page, Special:WikiDiscover, lists all wikis but fails to escape wiki names an...
CVE-2024-25107
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
Design/Logic Flaw
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2024-25107 Cross-Site Scripting in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2024-25107 Cross-Site Scripting in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2024-25107 Cross-Site Scripting in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2024-25107
WikiDiscover, an extension for CreateWiki, contains an XSS vulnerability in Special:WikiDiscover where Language::date uses unescaped interface messages from MONTH/DAY translations, yielding unescaped output. Exploitation requires the (editinterface) right. The issue is addressed in commit 267e763...
PT-2024-20752 · Unknown · Wikidiscover
Name of the Vulnerable Software and Affected Versions: WikiDiscover affected versions not specified Description: The issue arises from the use of the Language::date function on Special:WikiDiscover, which utilizes unescaped interface messages to translate month and day names. This results in an X...
WikiDiscover Cross-Site Scripting Vulnerability
WikiDiscover is a Miraheze open source extension for CreateWiki hosted farms. A cross-site scripting vulnerability exists in previous versions of WikiDiscover 267e763a0d7460f001693c42f67717a0fc3fd6bb. An attacker could exploit this vulnerability to perform cross-site scripting attacks...