41 matches found
BIT-MEDIAWIKI-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
Design/Logic Flaw
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
PT-2024-2681 · Unknown +2 · Globalblocking Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.40.2 GlobalBlocking extension versions prior to 1.40.2 Description: The issue is related to the GlobalBlocking extension in MediaWiki, where improper input neutralization during web page creation can lead to...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.40.2, which stems from a cross-site...
CVE-2024-23179
CVE-2024-23179 : In MediaWiki, the GlobalBlocking extension pre-1.40.2 is vulnerable to i18n-based XSS via a Special:GlobalBlock?uselang=x-xss URI, potentially affecting subtitle links in buildSubtitleLinks due to improper input handling. Affected software: MediaWiki up to 1.40.2 and GlobalBlocki...
MediaWiki Elevation of Privilege Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.34.0 and earlier versions with...
CVE-2020-10534
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
CVE-2020-10534
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
Code injection
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
CVE-2020-10534
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
CVE-2020-10534
The CVE-2020-10534 issue affects the MediaWiki World: GlobalBlocking extension prior to 2020-03-10 and affected MediaWiki versions up to 1.34.0. The vulnerability arises from IP range evaluation where an IP address that is contained in two ranges, one of which is locally disabled, can allow block...
CVE-2020-10534
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...
PT-2020-12190 · Wikimedia +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.0 GlobalBlocking extension before 2020-03-10 Description: An issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address i...
CVE-2012-4380
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors...
CVE-2012-4380
CVE-2012-4380 affects MediaWiki before 1.18.5 and 1.19.x before 1.19.2, allowing remote attackers to bypass the GlobalBlocking extension IP address blocking and create an account via unspecified vectors. The connected sources consistently describe the same impact across Windows/Linux OpenVAS entr...
CVE-2012-4380
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors...