8 matches found
CVE-2022-28201
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message...
Debian DSA-5246-1 : mediawiki - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5246 advisory. - An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite...
[SECURITY] [DLA 3117-1] mediawiki security update
Debian LTS Advisory DLA-3117-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 22, 2022 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u3 CVE ID : CVE-2021-44856 CVE-2022-28201 CVE-2022-28202 CVE-2022-28203 CVE-2022-34911...
CVE-2022-28201
CVE-2022-28201 affects MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The root cause is an infinite recursion triggered when a user with editinterface permission mishandles a bare local interwiki for the mainpage message. This can lead to a denial of service via recursio...
Mageia: Security Advisory (MGASA-2022-0145)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated mediawiki packages fix security vulnerability
Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...
FreeBSD : mediawiki -- multiple vulnerabilities (79ea6066-b40e-11ec-8b93-080027b24e86)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 79ea6066-b40e-11ec-8b93-080027b24e86 advisory. - An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T297543, CVE-2022-28202 Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete. T297571, CVE-2022-28201 Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki. T297731, CVE-2022-28203 Requestin...