Lucene search
+L

38 matches found

CNNVD
CNNVD
added 2023/07/20 12:0 a.m.7 views

Cockpit CMS 安全漏洞

Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit CMS version 2.5.2, which stems from an improper access control issue in component/models/Content that could allow an unauthorized attacker to access sensitive data...

7.5CVSS7.3AI score0.00746EPSS
Exploits1References3
OSV
OSV
added 2022/12/26 6:15 a.m.3 views

DEBIAN-CVE-2021-44856

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value...

5.3CVSS5.3AI score0.00493EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/12/19 12:0 a.m.7 views

PT-2022-4988 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1 Description: The issue is related to the mishandling of the EditFilterMergedContent hook return value in the Special:ChangeContentModel function. This can allow...

10CVSS5.9AI score0.0182EPSS
Exploits7References79
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.5 views

YUNUCMS 跨站脚本漏洞

YUNUCMS is a website CMS. A cross-site scripting vulnerability exists in YUNUCMS 1.1.9, which originates from the param parameter in the insertContent function in ContentModel.php...

4.8CVSS4.8AI score0.00527EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/06/23 12:0 a.m.6 views

The vulnerability of the ContentModelChange function in the software for implementing a hypertext environment like MediaWiki allows attackers to compromise the integrity of the protected information.

The vulnerability of the ContentModelChange function in the MediaWiki software, which is used to implement the hypertext environment, relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...

4.3CVSS5.8AI score0.01212EPSS
Exploits1References7Affected Software5
OSV
OSV
added 2021/04/09 7:15 a.m.27 views

CVE-2021-30155

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...

4.3CVSS7.4AI score
Exploits0References7
OSV
OSV
added 2021/04/09 7:15 a.m.2 views

DEBIAN-CVE-2021-30155

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...

4.3CVSS5.4AI score0.01212EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/04/09 7:15 a.m.29 views

CVE-2021-30155

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...

4.3CVSS6.3AI score0.01212EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/04/09 6:9 a.m.28 views

CVE-2021-30155

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...

5.9AI score0.01212EPSS
Exploits1References7
CVE
CVE
added 2021/04/09 6:9 a.m.112 views

CVE-2021-30155

Mode C: CVE-2021-30155 affects MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Root cause: ContentModelChange does not verify permissions when creating/setting the content model on a nonexistent page. Impact: could allow a user to manipulate content model beyond their permission...

4.3CVSS5.4AI score0.01212EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2021/04/09 12:0 a.m.4 views

MediaWiki 访问控制错误漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...

4.3CVSS5.6AI score0.01212EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2021/04/09 12:0 a.m.4 views

PT-2021-3351 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue is related to the ContentModelChange function in MediaWiki, which lacks proper authorization. This allows a remote attacker t...

9.8CVSS6AI score0.03906EPSS
Exploits18References99
Tenable Nessus
Tenable Nessus
added 2017/04/17 12:0 a.m.53 views

Fedora 25 : mediawiki (2017-3fb95ed01f)

T109140 T122209 Special:UserLogin and Special:Search allow redirect to interwiki links. CVE-2017-0363, CVE-2017-0364 - T144845 XSS in SearchHighlighter::highlightText when $wgAdvancedSearchHighlighting is true. CVE-2017-0365 - T125177 API parameters may now be marked as 'sensitive' to keep their...

9.8CVSS6.5AI score0.11653EPSS
Exploits6References12
Mageia
Mageia
added 2017/04/16 6:29 a.m.64 views

Updated mediawiki packages fix security vulnerability

API parameters may now be marked as "sensitive" to keep their values out of the logs CVE-2017-0361. "Mark all pages visited" on the watchlist now requires a CSRF token CVE-2017-0362. Special:UserLogin and Special:Search allow redirect to interwiki links CVE-2017-0363, CVE-2017-0364. XSS in...

8.8CVSS1.2AI score0.01525EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2015/01/04 9:59 p.m.21 views

CVE-2014-9507

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting XSS attacks by setting the content model for a revision to JS...

2.6CVSS7.2AI score0.00955EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/12/19 12:0 a.m.46 views

MediaWiki < 1.19.22 / 1.22.14 / 1.23.7 Multiple Vulnerabilities

According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities : - An input validation error exists related to handling previews of wikitext that allows cross-site scripting attacks. CVE-2014-9276 - An input validation error exis...

7.5CVSS7.7AI score0.01965EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.23 views

Fedora 19 : mediawiki-1.23.7-1.fc19 (2014-16020)

http://www.mediawiki.org/wiki/Releasenotes/1.23MediaWiki1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.27 views

Fedora 20 : mediawiki-1.23.7-1.fc20 (2014-16033)

http://www.mediawiki.org/wiki/Releasenotes/1.23MediaWiki1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...

5.5AI score
Exploits0References2
Rows per page
Query Builder