38 matches found
Cockpit CMS 安全漏洞
Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit CMS version 2.5.2, which stems from an improper access control issue in component/models/Content that could allow an unauthorized attacker to access sensitive data...
DEBIAN-CVE-2021-44856
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value...
PT-2022-4988 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1 Description: The issue is related to the mishandling of the EditFilterMergedContent hook return value in the Special:ChangeContentModel function. This can allow...
YUNUCMS 跨站脚本漏洞
YUNUCMS is a website CMS. A cross-site scripting vulnerability exists in YUNUCMS 1.1.9, which originates from the param parameter in the insertContent function in ContentModel.php...
The vulnerability of the ContentModelChange function in the software for implementing a hypertext environment like MediaWiki allows attackers to compromise the integrity of the protected information.
The vulnerability of the ContentModelChange function in the MediaWiki software, which is used to implement the hypertext environment, relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...
CVE-2021-30155
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...
DEBIAN-CVE-2021-30155
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...
CVE-2021-30155
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...
CVE-2021-30155
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...
CVE-2021-30155
Mode C: CVE-2021-30155 affects MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Root cause: ContentModelChange does not verify permissions when creating/setting the content model on a nonexistent page. Impact: could allow a user to manipulate content model beyond their permission...
MediaWiki 访问控制错误漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...
PT-2021-3351 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue is related to the ContentModelChange function in MediaWiki, which lacks proper authorization. This allows a remote attacker t...
Fedora 25 : mediawiki (2017-3fb95ed01f)
T109140 T122209 Special:UserLogin and Special:Search allow redirect to interwiki links. CVE-2017-0363, CVE-2017-0364 - T144845 XSS in SearchHighlighter::highlightText when $wgAdvancedSearchHighlighting is true. CVE-2017-0365 - T125177 API parameters may now be marked as 'sensitive' to keep their...
Updated mediawiki packages fix security vulnerability
API parameters may now be marked as "sensitive" to keep their values out of the logs CVE-2017-0361. "Mark all pages visited" on the watchlist now requires a CSRF token CVE-2017-0362. Special:UserLogin and Special:Search allow redirect to interwiki links CVE-2017-0363, CVE-2017-0364. XSS in...
CVE-2014-9507
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting XSS attacks by setting the content model for a revision to JS...
MediaWiki < 1.19.22 / 1.22.14 / 1.23.7 Multiple Vulnerabilities
According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities : - An input validation error exists related to handling previews of wikitext that allows cross-site scripting attacks. CVE-2014-9276 - An input validation error exis...
Fedora 19 : mediawiki-1.23.7-1.fc19 (2014-16020)
http://www.mediawiki.org/wiki/Releasenotes/1.23MediaWiki1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...
Fedora 20 : mediawiki-1.23.7-1.fc20 (2014-16033)
http://www.mediawiki.org/wiki/Releasenotes/1.23MediaWiki1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...