50 matches found
EUVD-2024-34996
Malicious code in bioql PyPI...
EUVD-2022-29613
Malicious code in bioql PyPI...
EUVD-2024-26877
Malicious code in bioql PyPI...
EUVD-2024-42685
Malicious code in bioql PyPI...
CVE-2024-34701
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
CVE-2024-29898
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2022-24813
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...
CVE-2024-47781
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
CVE-2024-47782
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
CVE-2024-47781
The CVE-2024-47781 issue affects the CreateWiki extension used on Miraheze. It is a cross-site scripting vulnerability where the wiki name on Special:RequestWikiQueue is not escaped, allowing insertion of arbitrary HTML that is displayed in the request wiki queue. If a wiki creator encounters the...
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
CVE-2024-47782 Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
CVE-2024-47782 Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
CVE-2024-47782 Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
WikiDiscover 安全漏洞
WikiDiscover is a Miraheze open source extension for CreateWiki hosted farms. A security vulnerability exists in WikiDiscover that stems from not performing any escaping of the wiki's name or description. An attacker exploited the vulnerability to perform a cross-site scripting attack...
CreateWiki 跨站脚本漏洞
CreateWiki is an extension to the Miraheze open source. A cross-site scripting vulnerability exists in CreateWiki. An attacker exploiting this vulnerability could retrieve deleted wiki requests, which often contain sensitive information...
PT-2024-32813 · Mediawiki · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: The issue concerns the CreateWiki extension used for requesting and creating wikis, where the name of requested wikis is not properly escaped on the Special:RequestWikiQueue page. This...