35 matches found

Snyk
added 2026/02/02 11:50 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: mediawiki/core is a free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the...

CVSS 6.1 | AI score 5.3 | EPSS 0.00014
Exploits 0 | References 2
Vulnrichment
added 2026/02/02 11:3 p.m. | 3 views

CVE-2025-6590 Complete content leak of private wikis due to PasswordReset Wikitext injection in error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

CVSS 4.6 | AI score 5.4 | EPSS 0.00014
Exploits 0 | References 1
Cvelist
added 2026/02/02 11:3 p.m. | 27 views

CVE-2025-6590 Complete content leak of private wikis due to PasswordReset Wikitext injection in error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

CVSS 4.6 | EPSS 0.00014
Exploits 0 | References 1
CVE
added 2026/02/02 11:3 p.m. | 20 views

CVE-2025-6590

CVE-2025-6590 concerns MediaWiki. The vulnerability allows an unauthorized actor to disclose sensitive information via the program file includes/htmlform/fields/HTMLUserTextField.Php, affecting MediaWiki versions from any up to 1.39.12, 1.42.76, 1.43.1, and 1.44.0. The Red Hat description confirm...

CVSS 4.6 | AI score 5.3 | EPSS 0.00014
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-26878

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 6.3 | EPSS 0.00228
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5838

Malicious code in bioql PyPI...

CVSS 3.1 | AI score 3.8 | EPSS 0.00737
Exploits 0 | References 11
Vulnrichment
added 2024/03/28 1:43 p.m. | 16 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

CVSS 4.9 | AI score 6.6 | EPSS 0.00228
Exploits 0 | References 3
CVE
added 2024/03/28 1:43 p.m. | 72 views

CVE-2024-29898

The CVE-2024-29898 entry concerns Miraheze’s CreateWiki (MediaWiki extension). Affected behavior: during patching for CVE-2024-29897, an oversight could cause suppressed wiki requests listed on Special:RequestWikiQueue to be accessible to users on private wikis who had the (read) permission not r...

CVSS 6.5 | AI score 4.8 | EPSS 0.00228
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/03/28 1:43 p.m. | 25 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

CVSS 4.9 | AI score 6.5 | EPSS 0.00228
Exploits 0 | References 5
Cvelist
added 2024/03/28 1:43 p.m. | 16 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

CVSS 4.9 | AI score 5.2 | EPSS 0.00228
Exploits 0 | References 3
CNNVD
added 2024/03/28 12:0 a.m. | 1 view

CreateWiki security vulnerability

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that could expose suppressed wiki requests to private wikis...

CVSS 6.5 | AI score 6.7 | EPSS 0.00228
Exploits 0 | References 4
RedhatCVE
added 2022/12/26 11:34 a.m. | 33 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVSS 3.5 | AI score 2.3 | EPSS 0.00216
Exploits 0 | References 3
OSV
added 2022/12/26 5:15 a.m. | 22 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVSS 5.3 | AI score 5.6
Exploits 0 | References 2
OSV
added 2022/12/26 5:15 a.m. | 1 view

DEBIAN-CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVSS 5.3 | AI score 5.2 | EPSS 0.00216
Exploits 0 | References 1
OSV
added 2022/12/26 5:15 a.m. | 1 view

UBUNTU-CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVSS 5.3 | AI score 6 | EPSS 0.00216
Exploits 0 | References 4
Debian CVE
added 2022/12/26 12:0 a.m. | 44 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVSS 5.3 | AI score 4.6 | EPSS 0.00216
Exploits 0
OSV
added 2022/09/16 5:39 p.m. | 22 views

GHSA-599V-W48H-RJRM XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor

Impact Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects...

CVSS 7.5 | AI score 6.3 | EPSS 0.00451
Exploits 0 | References 4
Cvelist
added 2022/09/08 5:15 p.m. | 16 views

CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...

CVSS 7.5 | AI score 7.8 | EPSS 0.00294
Exploits 0 | References 5
Github Security Blog
added 2022/05/24 5:21 p.m. | 8 views

img_auth.php may leak private extension images into the public cache

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVSS 3.1 | AI score 6.7 | EPSS 0.00737
Exploits 0 | References 10 | Affected Software 1
CNVD
added 2021/12/19 12:0 a.m. | 28 views

MediaWiki licensing issue vulnerability (CNVD-2022-03907)

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from an authorization issue vulnerability that stems from a lack of...

CVSS 7.5 | AI score 4 | EPSS 0.00389
Exploits 0 | References 1