Wikimedia Mediawiki - CheckUser Extension 安全漏洞

Wikimedia Mediawiki - CheckUser Extension is a Wikimedia Foundation extension for checking IP addresses. A security vulnerability exists in Wikimedia Mediawiki - CheckUser Extension, which stems from a specific internationalization message in the Account information tab that is not properly...

PT-2025-28474 · Mediawiki · Mediawiki

Name of the Vulnerable Software and Affected Versions: Mediawiki - CheckUser extension versions 1.39.0 through 1.39.12 Mediawiki - CheckUser extension versions 1.42.0 through 1.42.6 Mediawiki - CheckUser extension versions 1.43.0 through 1.43.1 Description: The issue is related to the rendering o...

PT-2025-28632 · Mediawiki · Mediawiki

Name of the Vulnerable Software and Affected Versions: MediaWiki - CheckUser extension versions 1.39.X through 1.39.13 MediaWiki - CheckUser extension versions 1.42.X through 1.42.7 MediaWiki - CheckUser extension versions 1.43.X through 1.43.2 Description: The Special:CheckUser interface is...

CVE-2025-53478

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...

CVE-2025-53478

The CVE-2025-53478 issue affects the MediaWiki CheckUser extension, specifically the Special:Investigate interface. It is a reflected XSS flaw caused by improper escaping of internationalized system messages rendered on the “IPs and User agents” tab. Affected versions include 1.39.x before 1.39.1...

CVE-2025-53478 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...

CVE-2025-53478 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...

Wikimedia Mediawiki - CheckUser Extension 安全漏洞

Wikimedia Mediawiki - CheckUser Extension is a Wikimedia Foundation extension for checking IP addresses. A security vulnerability exists in Wikimedia Mediawiki - CheckUser Extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43.2, which stems from improperly escaping messages in t...

PT-2025-28243 · Mediawiki · Mediawiki

Name of the Vulnerable Software and Affected Versions: Mediawiki - CheckUser extension versions 1.39.0 through 1.39.12 Mediawiki - CheckUser extension versions 1.42.0 through 1.42.6 Mediawiki - CheckUser extension versions 1.43.0 through 1.43.1 Description: The CheckUser extension’s...

BIT-MEDIAWIKI-2024-40597

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. The logdeleted attribute is not respected...

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

CVE-2024-40597

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. The logdeleted attribute is not respected...

CVE-2024-23172

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...

CVE-2024-40598

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...

CVE-2024-40596

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

CVE-2023-45367

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cuuseragentclienthints, leading to a...

CVE-2023-29139

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...

CVE-2023-37255

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...