Lucene search
K

7 matches found

Cvelist
Cvelist
added 2025/04/24 8:49 p.m.43 views

CVE-2025-43861 ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes"...

4.4CVSS0.00214EPSS
Exploits1References2
CVE
CVE
added 2025/04/24 8:49 p.m.64 views

CVE-2025-43861

ManageWiki (a MediaWiki extension) is affected by a self‑XSS vulnerability in the review changes dialog. Before commit 2f177dc, an authenticated user can alter a form field to inject a payload, which is then executed when the user opens the Review Changes dialog. The issue has been patched in com...

5.4CVSS4.4AI score0.00214EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.5 views

PT-2025-17856 · Mediawiki · Managewiki

Name of the Vulnerable Software and Affected Versions: ManageWiki versions prior to commit 2f177dc Description: The issue concerns a reflected or stored XSS vulnerability in the review dialog of ManageWiki, a MediaWiki extension. An attacker with a logged-in session can exploit this by modifying ...

4.4CVSS5.5AI score0.00214EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/04/22 5:15 p.m.5 views

CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...

4.6CVSS6.9AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2025/04/22 5:15 p.m.58 views

CVE-2025-32964

CVE-2025-32964 affects the ManageWiki MediaWiki extension. The root cause: before commit 00bebea, enabling a conflicting extension could cause a restricted extension to be auto-disabled even if the user lacked the ManageWiki-restricted right. The issue has been patched in commit 00bebea. Practica...

4.6CVSS4.6AI score0.00182EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/04/21 9:15 p.m.7 views

CVE-2025-32956

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...

8CVSS0.00547EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/04/21 8:45 p.m.5 views

CVE-2025-32956 ManageWiki has SQL injection vulnerability in NamespaceMigrationJob

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...

8CVSS7.7AI score0.00547EPSS
Exploits1References2
Rows per page
Query Builder