15 matches found

NVD
added yesterday · 4 views

CVE-2026-58037

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

Exploits: 0 · References: 1

Cvelist
added yesterday · 4 views

CVE-2026-58037 Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

Exploits: 0 · References: 1

Snyk
added 2025/09/17 3:30 p.m. · 2 views

Log Injection

Overview: io.jenkins.lib:support-log-formatter is a Java logging formatter extracted to a standalone library. Affected versions of this package are vulnerable to Log Injection in the transformMessage function. An attacker can control log message contents by inserting line break characters CR, LF a...

CVSS 6.9 · AI score 6.8 · EPSS 0.00335
Exploits: 0 · References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in json_log_formatter (npm)

The package json_log_formatter was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-23960 Malicious code in json_log_formatter (npm)

The package json_log_formatter was found to contain malicious code...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2025/08/07 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-36675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter...

CVSS 6.1 · AI score 6.3 · EPSS 0.00829
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/07 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-35478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via...

CVSS 6.1 · AI score 6.7 · EPSS 0.01353
Exploits: 1 · References: 2

OSV
added 2023/12/22 2:15 a.m. · 0 views

UBUNTU-CVE-2023-51704

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights...

CVSS 6.1 · AI score 5.8 · EPSS 0.00681
Exploits: 1 · References: 4

CNNVD
added 2023/12/22 12:00 a.m. · 15 views

MediaWiki Security Breach

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from a cross-site scripting XSS...

CVSS 6.1 · AI score 5.8 · EPSS 0.00681
Exploits: 1 · References: 3

Positive Technologies
added 2023/06/25 12:00 a.m. · 3 views

PT-2023-8923 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.11; MediaWiki versions 1.36.x through 1.38.x before 1.38.7; MediaWiki versions 1.39.x before 1.39.4; MediaWiki versions 1.40.x before 1.40.1. Description: The issue is related to a possibility of using XSS in the...

CVSS 9.8 · AI score 5.5 · EPSS 0.22699
Exploits: 27 · References: 124

CNVD
added 2020/12/24 12:00 a.m. · 2 views

MediaWiki cross-site scripting vulnerability (CNVD-2020-74052)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki before version 1.35....

CVSS 6.1 · AI score 5.6 · EPSS 0.01353
Exploits: 1 · References: 1

OSV
added 2020/12/18 8:15 a.m. · 2 views

DEBIAN-CVE-2020-35479

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later...

CVSS 6.1 · AI score 6.4 · EPSS 0.01476
Exploits: 1 · References: 1

OSV
added 2020/12/18 8:15 a.m. · 0 views

UBUNTU-CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

CVSS 6.1 · AI score 7.1 · EPSS 0.01353
Exploits: 1 · References: 5

UbuntuCve
added 2020/01/03 5:15 p.m. · 33 views

CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7)...

CVSS 6.1 · AI score 6.4 · EPSS 0.01367
Exploits: 0 · References: 1

OSV
added 2020/01/03 5:15 p.m. · 21 views

UBUNTU-CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7)...

CVSS 6.1 · AI score 6.5 · EPSS 0.01367
Exploits: 0 · References: 2