Lucene search
K

154 matches found

OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.24 views

MediaWiki <= 1.39.4 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

9.8CVSS9.5AI score0.01427EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.18 views

MediaWiki <= 1.39.4 Multiple Vulnerabilities - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

9.8CVSS9.5AI score0.01427EPSS
Exploits2References3
NVD
NVD
added 2022/03/30 7:15 a.m.24 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

9.8CVSS0.01427EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/30 7:15 a.m.4 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

9.8CVSS5.9AI score0.01427EPSS
Exploits1References5
Prion
Prion
added 2022/03/30 7:15 a.m.19 views

Code injection

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

7.5CVSS9.4AI score0.01427EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/03/30 12:0 a.m.24 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

9.7AI score0.01427EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.4 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.1, which stems from the CentralAuth...

9.8CVSS8.2AI score0.01427EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/03/30 12:0 a.m.4 views

PT-2022-18874 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37.1 Description: An issue was discovered in the CentralAuth extension, which mishandles a ttl issue for groups expiring in the future. Recommendations: For MediaWiki versions through 1.37.1, update to a version...

9.8CVSS6AI score0.01427EPSS
Exploits5References21
OSV
OSV
added 2022/03/30 12:0 a.m.19 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

9.8CVSS6.8AI score0.01427EPSS
Exploits1References5
CVE
CVE
added 2022/03/30 12:0 a.m.90 views

CVE-2022-28205

CVE-2022-28205 affects MediaWiki via the CentralAuth extension, which mishandles a TTL issue for groups expiring in the future. The vulnerability is documented with high/critical impact (CVSS v3.1: 9.8; CVSS v2: 7.5), and exploitation status is not detailed in the provided materials. Publicly doc...

9.8CVSS9.3AI score0.01427EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/10/06 9:15 p.m.16 views

CVE-2021-42041

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

6.1CVSS0.00953EPSS
Exploits1References2
OSV
OSV
added 2021/10/06 9:15 p.m.25 views

CVE-2021-42041

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

6.1CVSS7AI score
Exploits0References2
Prion
Prion
added 2021/10/06 9:15 p.m.22 views

Design/Logic Flaw

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

4.3CVSS6.5AI score0.00953EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/10/06 8:28 p.m.55 views

CVE-2021-42041

CVE-2021-42041 affects MediaWiki CentralAuth up to version 1.36.2, where the rightsnone message was not properly sanitized. This allows injection and execution of HTML/JavaScript via the setchange log, enabling a potential cross-site scripting vector. The CVSS metrics indicate a Network attack ve...

6.1CVSS6.5AI score0.00953EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/10/06 8:28 p.m.25 views

CVE-2021-42041

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

6.7AI score0.00953EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/10/06 12:0 a.m.6 views

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy in-house knowledge management and content management systems.CentralAuth is one of the extensions that supports shared global accounts. A security vulnerabilit...

6.1CVSS6AI score0.00953EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/10/06 12:0 a.m.4 views

PT-2021-23480 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.3 Description: An issue was discovered in CentralAuth in MediaWiki where the rightsnone MediaWiki message was not being properly sanitized. This allowed for the injection and execution of HTML and JavaScript v...

8.8CVSS6.2AI score0.01735EPSS
Exploits5References43
CNVD
CNVD
added 2021/07/06 12:0 a.m.8 views

MediaWiki Denial of Service Vulnerability (CNVD-2021-48975)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki 1.36 suffers from a security vulnerability that stems from an issue discovered in the CentralAut...

7.5CVSS6.9AI score0.01039EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.9 views

MediaWiki Authorization Issues Vulnerability (CNVD-2021-49044)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the CentralAuth extension for MediaWiki prior to 1.36, which stems from...

9.8CVSS6.7AI score0.01498EPSS
Exploits1References1
NVD
NVD
added 2021/07/02 1:15 p.m.24 views

CVE-2021-36127

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...

4.3CVSS0.00742EPSS
Exploits1References2
Rows per page
Query Builder