28 matches found
CVE-2026-34088 RecentChanges entries expose suppressed content via generated log page html
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
DLA-4249-1 mediawiki - security update
Bulletin has no description...
PT-2025-28245 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - AbuseFilter Extension versions 1.39.0 through 1.39.12 Mediawiki - AbuseFilter Extension versions 1.42.0 through 1.42.6 Mediawiki - AbuseFilter Extension versions 1.43.0 through 1.43.1 Description: The issue is related to a Missing...
PT-2025-28214 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - RelatedArticles Extension versions 1.43.X through 1.43.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
PT-2025-28014 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - IPInfo Extension versions 1.39.X through 1.39.12 Mediawiki - IPInfo Extension versions 1.42.X through 1.42.6 Mediawiki - IPInfo Extension versions 1.43.X through 1.43.1 Description: The issue is related to Uncontrolled Resource...
PT-2025-28015 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - IPInfo Extension versions 1.39.X through 1.39.12 Mediawiki - IPInfo Extension versions 1.42.X through 1.42.6 Mediawiki - IPInfo Extension versions 1.43.X through 1.43.1 Description: The issue affects the Mediawiki - IPInfo...
PT-2025-27639 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - MintyDocs Extension versions 1.39.X through 1.43.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
[SECURITY] Fedora 42 Update: mediawiki-1.43.1-1.fc42
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
BIT-MEDIAWIKI-2025-3469 i18n XSS vulnerability in HTMLMultiSelectField when sections are used
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...
PT-2025-16132 · Mediawiki · Mediawiki Extension:Oauth
Name of the Vulnerable Software and Affected Versions: Mediawiki - OAuth Extension versions 1.39 through 1.43 Description: The issue is related to an Incorrect Authorization vulnerability that allows Authentication Bypass in the Mediawiki - OAuth Extension. This flaw highlights the importance of...
PT-2025-16137 · Mediawiki · Mediawiki
Name of the Vulnerable Software and Affected Versions: Mediawiki - HTML Tags versions 1.39 through 1.43 Description: The issue is related to improper input validation, allowing Cross-Site Scripting XSS in Mediawiki - HTML Tags. This is due to a lack of proper validation of user input, which can...
[SECURITY] Fedora 40 Update: mediawiki-1.41.5-1.fc40
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.
The vulnerability of the SportsTeams extension of the MediaWiki software, which is used to implement a hypertext environment, relates to the lack of permission checking. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrity of the protected informati...
PT-2024-3267 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.6 MediaWiki versions 1.40.x prior to 1.40.2 MediaWiki versions 1.41.x prior to 1.41.1 Description: The issue is related to the UnlinkedWikibase extension in MediaWiki, where improper neutralization of input...
PT-2024-3256 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.7 MediaWiki versions 1.40.x prior to 1.40.3 MediaWiki versions 1.41.x prior to 1.41.1 Description: The issue is related to the incorrect neutralization of input during web page creation in the...
[SECURITY] Fedora 38 Update: mediawiki-1.39.3-1.fc38
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
The vulnerability of the ContentModelChange function in the software for implementing a hypertext environment like MediaWiki allows attackers to compromise the integrity of the protected information.
The vulnerability of the ContentModelChange function in the MediaWiki software, which is used to implement the hypertext environment, relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...
DLA-2379-3 mediawiki - regression update
Bulletin has no description...
DEBIAN-CVE-2019-12466
Wikimedia MediaWiki through 1.32.1 allows CSRF...
DSA-4036-1 mediawiki - security update
Bulletin has no description...