Lucene search
K

17 matches found

OSV
OSV
added 2025/07/03 12:0 a.m.4 views

DSA-5957-1 mediawiki - security update

Bulletin has no description...

8.8CVSS6AI score0.00454EPSS
Exploits0
Debian
Debian
added 2025/04/13 12:29 p.m.18 views

[SECURITY] [DSA 5901-1] mediawiki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5901-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 13, 2025 https://www.debian.org/security/faq -...

2.3CVSS6.6AI score0.00362EPSS
Exploits0
OSV
OSV
added 2025/04/13 12:0 a.m.13 views

DSA-5901-1 mediawiki - security update

Bulletin has no description...

2.1CVSS6.6AI score0.00362EPSS
Exploits0
Debian
Debian
added 2024/10/05 5:55 p.m.9 views

[SECURITY] [DSA 5785-1] mediawiki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5785-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 05, 2024 https://www.debian.org/security/faq -...

5.3CVSS6.5AI score0.00441EPSS
Exploits1
Debian
Debian
added 2024/09/26 1:37 p.m.13 views

[SECURITY] [DLA 3896-1] mediawiki security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3896-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 26, 2024 https://wiki.debian.org/LTS -...

6.1CVSS5.8AI score0.00681EPSS
Exploits1
Debian
Debian
added 2023/08/22 11:8 p.m.36 views

[SECURITY] [DLA 3540-1] mediawiki security update

Debian LTS Advisory DLA-3540-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 23, 2023 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u6 CVE ID : CVE-2023-29141 An auto-block can occur for an untrusted X-Forwarded-For header in...

9.8CVSS6.1AI score0.01194EPSS
Exploits0
Debian
Debian
added 2023/07/10 8:45 p.m.40 views

[SECURITY] [DLA 3489-1] mediawiki security update

Debian LTS Advisory DLA-3489-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 10, 2023 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u5 CVE ID : CVE-2022-47927 A security issue was discovered in MediaWiki, a website engine for...

5.5CVSS5.9AI score0.00269EPSS
Exploits1
OSV
OSV
added 2021/07/12 8:26 p.m.11 views

MGASA-2021-0346 Updated mediawiki packages fix a security vulnerability

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API which a "sitewide block" should have prevented...

7.5CVSS7.6AI score0.01943EPSS
Exploits1References4
OSV
OSV
added 2020/04/15 10:12 a.m.7 views

MGASA-2020-0167 Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...

5.3CVSS5.1AI score0.01123EPSS
Exploits1References3
OSV
OSV
added 2020/01/05 3:37 p.m.4 views

MGASA-2020-0021 Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editi...

6.1CVSS6.4AI score0.01564EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2018/09/25 12:0 a.m.30 views

[ASA-201809-5] mediawiki: multiple issues

Arch Linux Security Advisory ASA-201809-5 ========================================= Severity: Medium Date : 2018-09-25 CVE-ID : CVE-2018-0503 CVE-2018-0505 CVE-2018-13258 Package : mediawiki Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-765 Summary ======= The...

6.5CVSS0.9AI score0.02056EPSS
Exploits1References11
OSV
OSV
added 2017/11/29 6:52 p.m.13 views

MGASA-2017-0429 Updated mediawiki packages fix security vulnerabilities

XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping CVE-2017-8808. Reflected File Download from api.php CVE-2017-8809. On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password CVE-2017-8810. It's possible to...

9.8CVSS7.6AI score0.99999EPSS
Exploits19References3
OSV
OSV
added 2015/12/24 11:8 a.m.9 views

MGASA-2015-0486 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' CVE-2015-8622. In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

9.8CVSS6.8AI score0.01888EPSS
Exploits0References4
OSV
OSV
added 2015/08/21 6:54 p.m.4 views

MGASA-2015-0320 Updated mediawiki packages fix security vulnerabilities

The mediawiki package has been updated to version 1.23.10, which fixes multiple security issues and other bugs. See the release announcement for more details...

7.3AI score
Exploits0References3
OSV
OSV
added 2015/04/09 10:44 p.m.8 views

MGASA-2015-0142 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...

7.1CVSS5.6AI score0.0271EPSS
Exploits1References4
OSV
OSV
added 2014/10/07 9:22 a.m.7 views

MGASA-2014-0400 Updated mediawiki packages fix security vulnerbilities

Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...

4.3CVSS6AI score0.01983EPSS
Exploits0References6
OSV
OSV
added 2013/12/12 10:21 p.m.9 views

MGASA-2013-0368 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS6.7AI score0.02142EPSS
Exploits0References4
Rows per page
Query Builder