14 matches found
Fedora 39 : mediawiki (2023-7e9d6015f6)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7e9d6015f6 advisory. https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/ Tenable has extracted t...
Fedora 37 : mediawiki (2023-d8ae3c122e)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d8ae3c122e advisory. https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/ Tenable has extracted t...
Fedora 38 : mediawiki (2023-1fcaba0998)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1fcaba0998 advisory. https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/ Tenable has extracted t...
Mageia: Security Advisory (MGASA-2023-0241)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated mediawiki packages fix security vulnerability
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...
MediaWiki < 1.35.11, 1.36.x < 1.38.7, 1.39.x < 1.39.4 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki < 1.35.11, 1.36.x < 1.38.7, 1.39.x < 1.39.4 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
DEBIAN-CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
CVE-2023-36675
MediaWiki contains an XSS vulnerability in BlockLogFormatter.php affecting versions before 1.35.11, 1.36.x up to 1.38.x before 1.38.7, and 1.39.x before 1.39.4. The issue is triggered by the partial blocks feature. Remediation per advisories is to upgrade to fixed releases (e.g., 1.38.7 or 1.39.4...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T335203, CVE-2023-29197 Upgrade guzzlehttp/psr7 to = 1.9.1/2.4.5. T335612, CVE-2023-36674 Manualthumb bypasses badFile lookup. T332889, CVE-2023-36675 XSS in BlockLogFormatter due to unsafe message use...