15 matches found
CVE-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
EUVD-2023-41205
Malicious code in bioql PyPI...
BIT-MEDIAWIKI-2021-46150
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October...
CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
PT-2023-25891 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.3 Description: An issue was discovered in the "CheckUserLog API" in the CheckUser extension for MediaWiki. There is incorrect access control for visibility of hidden users. Recommendations:...
PT-2023-22166 · Mediawiki +1 · Mediawiki Checkuser Extension +1
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.3 Description: An issue in the CheckUser extension for MediaWiki can cause denial of service when a user with checkuserlog permissions makes many CheckUserLog API requests in certain...
MediaWiki Special:CheckUserLog Cross-Site Scripting Vulnerability
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from the product's Special:CheckUserLog...
CVE-2021-46150
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October...
CVE-2021-46150
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October...
Cross site scripting
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October...
MediaWiki 跨站脚本漏洞
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from the product's Special:CheckUserLog...
CVE-2021-46150
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October...
PT-2022-12584 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1 Description: An issue in MediaWiki allows for XSS due to date mishandling in Special:CheckUserLog, as demonstrated by an XS...