Cross site scripting

A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTagsbody.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2018-25065 Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting

A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTagsbody.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2018-25065

The CVE-2018-25065 entry concerns Wikimedia’s mediawiki-extensions-I18nTags, specifically a vulnerability in the I18nTags_body.php processing within the Unlike Parser component that enables cross-site scripting. The issue is exploitable remotely and affects unspecified versions of the extension; ...

CVE-2018-25065 Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting

A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTagsbody.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

Semantic Drilldown 安全漏洞

Semantic Drilldown is a MediaWiki extension to Wikimedia open source. A security vulnerability exists in Semantic Drilldown. Attackers use this vulnerability to execute cross-site scripting attacks...

Fedora: Security Advisory for php-wikimedia-cdb (FEDORA-2022-ea159a2ec4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for php-wikimedia-assert (FEDORA-2022-ea159a2ec4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for mediawiki (FEDORA-2022-ea159a2ec4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: php-wikimedia-cdb-2.0.0-8.fc37

CDB, short for "constant database", refers to a very fast and highly reliable database system which uses a simple file with key value pairs. This library wraps the CDB functionality exposed in PHP via the dba functions. In cases where dba functions are not present or are not compiled with CDB...

Fedora: Security Advisory for mediawiki (FEDORA-2022-bca2c95559)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: mediawiki-1.37.4-1.fc36

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

MediaWiki Denial of Service Vulnerability (CNVD-2022-60675)

MediaWiki is a set of web-based wiki engines from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki version 1.38.1 and earlier versions have a denial of service vulnerability, which stems from the fac...

GHSA-5PQX-77VF-85RW Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS)

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...

Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS)

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...

GHSA-2QRR-C2GH-PR35 Wikimedia information leak vulnerability

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

Wikimedia information leak vulnerability

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

GHSA-33XW-X3PR-RVQJ Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

GHSA-7MQG-5FGH-XH4R MediaWiki Incorrect Access Control vulnerability

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

Wikimedia MediaWiki allows CSRF

Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature...