642 matches found
Wikimedia Potential DoS due to slow WatchedItemStore::countVisitingWatchersMultiple
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
GHSA-7MQG-5FGH-XH4R MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
GHSA-WRHX-3PXR-6VGG Wikimedia MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...
Wikimedia MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...
MediaWiki SQL Injection Vulnerability
MediaWiki is a set of web-based wiki engines from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and earlier, which stems from a SemanticDrilldown...
MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-70093)
MediaWiki is a free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki version 1.37.2 and earlier versions contain a cross-site request forgery vulnerability...
MediaWiki WikibaseMediaInfo Cross-Site Scripting Vulnerability (CNVD-2022-03945)
MediaWiki is a free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki, which stems from a failure of the...
[SECURITY] Fedora 35 Update: mediawiki-1.36.3-1.fc35
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
Fedora: Security Advisory for mediawiki (FEDORA-2021-bef1126908)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: mediawiki-1.36.2-1.fc35
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)
MediaWiki is a free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...
[SECURITY] Fedora 34 Update: mediawiki-1.35.4-1.fc34
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 34 Update: mediawiki-1.35.2-1.fc34
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
Fedora: Security Advisory for mediawiki (FEDORA-2021-f4223b6684)
The remote host is missing an update for the...
Wikimedia Quarry analytics-quarry-web cross-site scripting vulnerability
Wikimedia Quarry analytics-quarry-web is an open source application. Wikimedia Quarry analytics-quarry-web is vulnerable to a cross-site scripting vulnerability. The vulnerability stems from the fact that app.py does not explicitly set the application/json content type. No details of the...
[SECURITY] Fedora 33 Update: mediawiki-1.35.2-1.fc33
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type...
Cross site scripting
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type...
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web (affected component: app.py) is vulnerable to Reflected XSS due to not explicitly setting the application/json content type. This CVE (CVE-2020-36324) is described across multiple sources as enabling reflected XSS before 2020-12-15. The core detail shown in t...