7 matches found
CVE-2025-43861 ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes"...
CVE-2025-43861
ManageWiki (a MediaWiki extension) is affected by a self‑XSS vulnerability in the review changes dialog. Before commit 2f177dc, an authenticated user can alter a form field to inject a payload, which is then executed when the user opens the Review Changes dialog. The issue has been patched in com...
PT-2025-17856 · Mediawiki · Managewiki
Name of the Vulnerable Software and Affected Versions: ManageWiki versions prior to commit 2f177dc Description: The issue concerns a reflected or stored XSS vulnerability in the review dialog of ManageWiki, a MediaWiki extension. An attacker with a logged-in session can exploit this by modifying ...
CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...
CVE-2025-32964
CVE-2025-32964 affects the ManageWiki MediaWiki extension. The root cause: before commit 00bebea, enabling a conflicting extension could cause a restricted extension to be auto-disabled even if the user lacked the ManageWiki-restricted right. The issue has been patched in commit 00bebea. Practica...
CVE-2025-32956
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...
CVE-2025-32956 ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...