142 matches found

BDU FSTEC
added 2024/04/09 12:0 a.m. | 1 views

A vulnerability in the Wikibase extension for the MediaWiki hypertext environment software allows an attacker to cause a denial of service.

The vulnerability in the Wikibase extension for the MediaWiki hypertext environment software is related to the lack of rate limits on merging items. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.2 | EPSS 0.00182
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2024/04/09 12:0 a.m. | 1 views

A vulnerability in the Wikibase extension for the MediaWiki hypertext environment software allows an attacker to compromise the integrity of data.

The vulnerability in the Wikibase extension for the MediaWiki hypertext environment software is related to a failure of the edit filters. Exploiting this vulnerability could allow a remote malicious actor to compromise confidentiality and affect the integrit...

CVSS 5.3 | AI score 5.9 | EPSS 0.00127
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2024/03/06 11:8 a.m. | 17 views

BIT-MEDIAWIKI-2021-45472

In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme among others can be used...

CVSS 6.1 | AI score 5.9 | EPSS 0.00256
Exploits: 0 | References: 4

OSV
added 2024/03/06 11:8 a.m. | 16 views

BIT-MEDIAWIKI-2021-45473

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL aka a page-information sidebar...

CVSS 6.1 | AI score 6 | EPSS 0.00326
Exploits: 1 | References: 4

OSV
added 2024/03/06 11:4 a.m. | 18 views

BIT-MEDIAWIKI-2022-34750

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00451
Exploits: 0 | References: 4

OSV
added 2024/03/06 11:3 a.m. | 19 views

BIT-MEDIAWIKI-2023-22910

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

CVSS 5.4 | AI score 5.3 | EPSS 0.00737
Exploits: 1 | References: 2

OSV
added 2024/03/06 11:0 a.m. | 14 views

BIT-MEDIAWIKI-2023-37301

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur...

CVSS 5.3 | AI score 5.2 | EPSS 0.00114
Exploits: 1 | References: 3

OSV
added 2024/03/06 10:59 a.m. | 24 views

BIT-MEDIAWIKI-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

CVSS 6.1 | AI score 5.8 | EPSS 0.01718
Exploits: 1 | References: 4

OSV
added 2024/03/06 10:57 a.m. | 17 views

BIT-MEDIAWIKI-2023-45371

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items...

CVSS 7.5 | AI score 7.5 | EPSS 0.00182
Exploits: 0 | References: 3

OSV
added 2024/03/06 10:57 a.m. | 16 views

BIT-MEDIAWIKI-2023-45372

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running e.g., AbuseFilter...

CVSS 5.3 | AI score 5.5 | EPSS 0.00127
Exploits: 0 | References: 3

NVD
added 2023/10/09 6:15 a.m. | 15 views

CVE-2023-45371

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items...

CVSS 7.5 | AI score 7.6 | EPSS 0.00182
Exploits: 0 | References: 2

OSV
added 2023/10/09 6:15 a.m. | 15 views

CVE-2023-45371

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 2

ATTACKERKB
added 2023/10/09 6:15 a.m. | 1 views

CVE-2023-45371

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items...

CVSS 7.5 | AI score 7.1 | EPSS 0.00182
Exploits: 0 | References: 3

ATTACKERKB
added 2023/10/09 6:15 a.m. | 2 views

CVE-2023-45372

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running e.g., AbuseFilter...

CVSS 5.3 | AI score 6.1 | EPSS 0.00127
Exploits: 0 | References: 3

NVD
added 2023/10/09 6:15 a.m. | 13 views

CVE-2023-45372

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running e.g., AbuseFilter...

CVSS 5.3 | AI score 5.3 | EPSS 0.00127
Exploits: 0 | References: 2

Prion
added 2023/10/09 6:15 a.m. | 14 views

Design/Logic Flaw

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running e.g., AbuseFilter...

CVSS 5 | AI score 5.4 | EPSS 0.00127
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2023/10/09 6:15 a.m. | 26 views

Information disclosure

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items...

CVSS 5 | AI score 7.6 | EPSS 0.00182
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/10/09 12:0 a.m. | 14 views

CVE-2023-45372

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running e.g., AbuseFilter...

AI score 7.2 | EPSS 0.00127
Exploits: 0 | References: 2

CNNVD
added 2023/10/09 12:0 a.m. | 1 views

MediaWiki Security Breach

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that stems from a Wikibase extension that does not r...

CVSS 5.3 | AI score 6.8 | EPSS 0.00127
Exploits: 0 | References: 3

CVE
added 2023/10/09 12:0 a.m. | 69 views

CVE-2023-45372

CVE-2023-45372 affects the Wikibase extension for MediaWiki. During item merging, ItemMergeInteractor runs without an edit filter (e.g., AbuseFilter), enabling potential unfiltered edits. Affected versions: MediaWiki Wikibase extension before 1.35.12; 1.36.x through 1.39.x before 1.39.5; and 1.40...

CVSS 5.3 | AI score 5.6 | EPSS 0.00127
Exploits: 0 | References: 2 | Affected Software: 1