13 matches found
CVE-2024-47816
ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...
CVE-2024-47812
ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki, typically administrators and interface admins, can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...
CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump
ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...
CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump
ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...
CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump
ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...
CVE-2024-47816
CVE-2024-47816 affects the ImportDump MediaWiki extension. The root issue is that a user’s local actor ID is stored in the database, enabling a user on a different wiki with the same actor ID to impersonate the original requester. This can be abused to create new comments, edit the request, and v...
CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki, typically administrators and interface admins, can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...
CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki, typically administrators and interface admins, can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...
CVE-2024-47812
CVE-2024-47812 affects the ImportDump extension for MediaWiki. The root issue allows users who can edit wiki interface strings (typically admins) to embed XSS payloads in date-related messages, affecting viewers of Special:RequestImportQueue. A fix has been committed in d054b95 and users are advi...
CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki, typically administrators and interface admins, can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...
ImportDump security vulnerability
ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that a user on another wiki can act as the original wiki requester if the user on the other wiki happens to have the same participant ID as a user on this wiki...
ImportDump security vulnerability
ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that anyone who can edit wiki interface strings can embed cross-site scripting in date messages...
PT-2024-32824 · Mediawiki · Importdump
Name of the Vulnerable Software and Affected Versions: ImportDump extension for MediaWiki (affected versions not specified)
Description: The issue allows anyone who can edit the interface strings of a wiki, typically administrators and interface admins, to embed XSS payloads in the messages for...