17 matches found
DSA-5957-1 mediawiki - security update
Bulletin has no description...
[SECURITY] [DSA 5901-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5901-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 13, 2025 https://www.debian.org/security/faq -...
DSA-5901-1 mediawiki - security update
Bulletin has no description...
[SECURITY] [DSA 5785-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5785-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 05, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3896-1] mediawiki security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3896-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 26, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3540-1] mediawiki security update
Debian LTS Advisory DLA-3540-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 23, 2023 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u6 CVE ID : CVE-2023-29141 An auto-block can occur for an untrusted X-Forwarded-For header in...
[SECURITY] [DLA 3489-1] mediawiki security update
Debian LTS Advisory DLA-3489-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 10, 2023 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u5 CVE ID : CVE-2022-47927 A security issue was discovered in MediaWiki, a website engine for...
MGASA-2021-0346 Updated mediawiki packages fix a security vulnerability
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API which a "sitewide block" should have prevented...
MGASA-2020-0167 Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
MGASA-2020-0021 Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editi...
[ASA-201809-5] mediawiki: multiple issues
Arch Linux Security Advisory ASA-201809-5 ========================================= Severity: Medium Date : 2018-09-25 CVE-ID : CVE-2018-0503 CVE-2018-0505 CVE-2018-13258 Package : mediawiki Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-765 Summary ======= The...
MGASA-2017-0429 Updated mediawiki packages fix security vulnerabilities
XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping CVE-2017-8808. Reflected File Download from api.php CVE-2017-8809. On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password CVE-2017-8810. It's possible to...
MGASA-2015-0486 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' CVE-2015-8622. In MediaWiki before 1.23.12, tokens were being compared as strings, whic...
MGASA-2015-0320 Updated mediawiki packages fix security vulnerabilities
The mediawiki package has been updated to version 1.23.10, which fixes multiple security issues and other bugs. See the release announcement for more details...
MGASA-2015-0142 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...
MGASA-2014-0400 Updated mediawiki packages fix security vulnerbilities
Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...
MGASA-2013-0368 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...