642 matches found
CVE-2024-47846 Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection
Cross-Site Request Forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1...
CVE-2024-47846
CVE-2024-47846 affects the MediaWiki Cargo extension for MediaWiki 3.6.x prior to 3.6.1. The issue is a Cross‑Site Request Forgery (CSRF) vulnerability in Special:DeleteCargoTable and Special:SwitchCargoTable due to insufficient CSRF protection / origin verification on delete actions. The root ca...
CVE-2024-47849
CVE-2024-47849 affects the MediaWiki extension Cargo for MediaWiki 3.6.x prior to 3.6.1, caused by improper neutralization in SQL commands leading to SQL Injection. Public sources concur on versions to fix: update Cargo to 3.6.1 or later (Snyk lists 3.7+ as the remediation). Documented impact is ...
CVE-2024-47848
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2024-47845
CVE-2024-47845 concerns an issue in the MediaWiki CSS Extension where improper encoding/escaping of output enables code injection. Affected range: MediaWiki CSS Extension versions 1.39.x prior to 1.39.9, 1.41.x prior to 1.41.3, and 1.42.x prior to 1.42.2. Root cause is improper output handling in...
CVE-2024-47845 CSS sanitizer used incorrectly, and is easily bypassed
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2024-47845 CSS sanitizer used incorrectly, and is easily bypassed
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
Fedora: Security Advisory (FEDORA-2024-2c564b942d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for php-wikimedia-utfnormal (FEDORA-2024-2c564b942d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: php-wikimedia-cdb-3.0.0-1.fc40
CDB, short for "constant database", refers to a very fast and highly reliable database system which uses a simple file with key value pairs. This library wraps the CDB functionality exposed in PHP via the dba functions. In cases where dba functions are not present or are not compiled with CDB...
[SECURITY] Fedora 40 Update: php-wikimedia-utfnormal-4.0.0-1.fc40
utfnormal is a library that contains unicode normalization functions. It was split out of MediaWiki core during the 1.25 development cycle...
wikimedia.cm Cross Site Scripting vulnerability OBB-3857657
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 39 Update: mediawiki-1.39.4-1.fc39
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 37 Update: mediawiki-1.38.7-1.fc37
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 38 Update: mediawiki-1.39.4-1.fc38
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 38 Update: mediawiki-1.39.3-1.fc38
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 37 Update: mediawiki-1.38.6-1.fc37
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
Fedora: Security Advisory for mediawiki (FEDORA-2023-567baef490)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTagsbody.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTagsbody.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...