19 matches found
CVE-2025-62656
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44...
CVE-2025-62656 GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44...
EUVD-2020-2987
Malware in sbrugna...
EUVD-2012-4323
Malware in sbrugna...
EUVD-2025-3105
Malicious code in bioql PyPI...
CVE-2025-23073
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
CVE-2025-23073
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension...
CVE-2025-23073 API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension...
CVE-2025-23073
CVE-2025-23073 affects the MediaWiki GlobalBlocking Extension. The vulnerability can lead to exposure of embedded sensitive data via the API (globalblocks list potentially revealing the autoblock IP when username/IP are included in the bgtargets parameter); it briefly impacted the master branch. ...
Mediawiki GlobalBlocking Extension 信息泄露漏洞
Mediawiki GlobalBlocking Extension is an extension of the Wikimedia Foundation USA. An information disclosure vulnerability exists in Mediawiki GlobalBlocking Extension, which arises from the exposure of sensitive information and allows unauthorized visitors to access embedded sensitive data...
PT-2025-4806 · Mediawiki · Mediawiki Globalblocking Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki GlobalBlocking Extension affected versions not specified Description: The issue concerns an Exposure of Sensitive Information to an Unauthorized Actor, allowing the retrieval of embedded sensitive data. It briefly impacted the maste...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.40.2, which stems from a cross-site...
PT-2024-2681 · Unknown +2 · Globalblocking Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.40.2 GlobalBlocking extension versions prior to 1.40.2 Description: The issue is related to the GlobalBlocking extension in MediaWiki, where improper input neutralization during web page creation can lead to...
MediaWiki Elevation of Privilege Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.34.0 and earlier versions with...
CVE-2020-10534
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
Code injection
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
CVE-2020-10534
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...