15 matches found
CVE-2026-58037
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...
CVE-2026-58037 Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...
Log Injection
Overview io.jenkins.lib:support-log-formatter is a Java logging formatter extracted to a standalone library. Affected versions of this package are vulnerable to Log Injection in the transformMessage function. An attacker can control log message contents by inserting line break characters CR, LF a...
Malicious code in json_log_formatter (npm)
The package jsonlogformatter was found to contain malicious code...
MAL-2025-23960 Malicious code in json_log_formatter (npm)
The package jsonlogformatter was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2023-36675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter...
Linux Distros Unpatched Vulnerability : CVE-2020-35478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via...
UBUNTU-CVE-2023-51704
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from a cross-site scripting XSS...
PT-2023-8923 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.11 MediaWiki versions 1.36.x through 1.38.x before 1.38.7 MediaWiki versions 1.39.x before 1.39.4 MediaWiki versions 1.40.x before 1.40.1 Description: The issue is related to a possibility of using XSS in the...
MediaWiki cross-site scripting vulnerability (CNVD-2020-74052)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki before version 1.35....
DEBIAN-CVE-2020-35479
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...
UBUNTU-CVE-2020-35478
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...
CVE-2012-4451
Multiple cross-site scripting XSS vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 Debug, 2 Feed\PubSubHubbub, 3 Log\Formatter\Xml, 4 Tag\Cloud\Decorator, 5 Uri, 6 View\Helper\HeadStyle, 7...
UBUNTU-CVE-2012-4451
Multiple cross-site scripting XSS vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 Debug, 2 Feed\PubSubHubbub, 3 Log\Formatter\Xml, 4 Tag\Cloud\Decorator, 5 Uri, 6 View\Helper\HeadStyle, 7...