2 matches found
MGASA-2024-0155 Updated mediawiki packages fix security vulnerabilities
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator...
MGASA-2020-0381 Updated mediawiki packages fix security vulnerability
Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...