17 matches found
CVE-2025-23074
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
EUVD-2021-22762
Malware in sbrugna...
EUVD-2025-3106
Malicious code in bioql PyPI...
CVE-2021-36130
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
CVE-2025-23074
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2025-23074 Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2025-23074 Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2025-23074
CVE-2025-23074 affects the Wikimedia MediaWiki SocialProfile Extension, with an information-disclosure flaw in Special:EditProfile. Versions affected: 1.39.X before 1.39.11, 1.41.X before 1.41.3, and 1.42.X before 1.42.2. Root cause: contents marked as hidden or restricted fields can be exposed t...
MediaWiki 信息泄露漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia Foundation in the United States. The product can be used to deploy internal knowledge management and content management systems. An information disclosure vulnerability exists in Mediawiki - SocialProfile...
BIT-MEDIAWIKI-2021-36130
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
CVE-2022-42000
Cross-site Scripting XSS vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage...
CVE-2021-36130
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
CVE-2021-36130
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
Cross site scripting
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
CVE-2021-36130
CVE-2021-36130 is an XSS vulnerability in the MediaWiki SocialProfile extension (through version 1.36). A privileged user with the awardmanage right could inject arbitrary HTML/JavaScript into various gift-related data fields on several gift-related pages, with the attack potentially propagating ...
CVE-2021-36130
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
PT-2021-21127 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 SocialProfile extension in MediaWiki versions through 1.36 Description: An XSS issue was discovered in the SocialProfile extension within MediaWiki. A privileged user with the awardmanage right could inject...