16 matches found
Information Exposure
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the includes/Skin/Skin.Ph...
CVE-2026-34092 Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34092 Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34092
CVE-2026-34092 affects Wikimedia Foundation MediaWiki. The information exposure arises from the includes/Skin/Skin.Php component, where UI elements in the tools sidebar reveal autoblocked IP presence. Affected versions are MediaWiki before 1.43.7, 1.44.4, and 1.45.2. Remediation is to upgrade to ...
MediaWiki < 1.35.10, 1.36.x < 1.38.6, 1.39.x < 1.39.3 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
mediawiki -- multiple vulnerabilities
Mediawikwi reports: T285159, CVE-2023-PENDING SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses. T326946, CVE-2020-36649 SECURITY: Bundled PapaParse copy in VisualEditor has known ReDos. T330086, CVE-2023-PENDING SECURITY: OATHAuth allows replay attacks when MediaWiki...
CVE-2015-6727
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
DEBIAN-CVE-2015-6727
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
CVE-2013-7444
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
Code injection
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
Code injection
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
CVE-2013-7444
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
CVE-2015-6727
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
CVE-2013-7444
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
CVE-2013-7444
The CVE-2013-7444 issue affects MediaWiki versions before 1.22.0, where the Special:Contributions page could leak information by revealing whether an IP is autoblocked via the Change block text. The vulnerability is an information disclosure on a web application feature, enabling remote attackers...
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
T94116 SECURITY: Compare API watchlist token in constant time T97391 SECURITY: Escape error message strings in thumb.php T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia...