303 matches found
MediaWiki 安全漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.CheckUser extension is one of the user information checking extensions. A security vulnerability...
CVE-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
MediaWiki 安全漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.CheckUser extension is one of the user information checking extensions. A security vulnerability...
CVE-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
CVE-2023-37303
CVE-2023-37303 affects MediaWiki’s CheckUser extension up to 1.39.3, where attempting to block a user can hang the browser and trigger a DBQueryDisconnectedError, potentially impacting availability of user-blocking functionality. Connected advisories corroborate a vulnerability in MediaWiki-relat...
CVE-2023-37300
Connected document EUVD-2023-41205 (BIT-MEDIAWIKI-2023-37300) confirms CVE-2023-37300 relates to the CheckUserLog API in the MediaWiki CheckUser extension, with an incorrect access control that leaks visibility of hidden users. Affected scope: MediaWiki with the CheckUser extension up to at least...
PT-2023-25894 · Mediawiki +1 · Mediawiki Checkuser Extension +1
Name of the Vulnerable Software and Affected Versions: CheckUser extension for MediaWiki versions through 1.39.3 Description: An issue was discovered in certain situations where an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
PT-2023-25891 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.3 Description: An issue was discovered in the "CheckUserLog API" in the CheckUser extension for MediaWiki. There is incorrect access control for visibility of hidden users. Recommendations:...
CVE-2023-37255
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...
CVE-2023-37255
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...
CVE-2023-37255
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...
Design/Logic Flaw
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...
CVE-2023-37255
CVE-2023-37255 concerns the MediaWiki CheckUser extension (up to 1.39.3). In Special:CheckUser, the check of type “get edits” is vulnerable to HTML injection via the User-Agent HTTP header . The vulnerability’s impact is limited to scenarios where user-supplied User-Agent data influences the HTML...
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3, which stems from an issue discovered...
PT-2023-25858 · Mediawiki +1 · Checkuser Extension +1
Name of the Vulnerable Software and Affected Versions: CheckUser extension for MediaWiki versions through 1.39.3 Description: An issue in the CheckUser extension for MediaWiki allows HTML injection through the User-Agent HTTP request header in Special:CheckUser when performing a "get edits" type...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
Design/Logic Flaw
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...