6 matches found
CVE-2024-23178
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.40.2, which stems from a cross-site...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki versions prior to 1.35.14, 1.36.x through 1.39.6,...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.40.2, which stems from a cross-site...
CVE-2024-23173
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from a cross-site scripting XSS...