14 matches found
EUVD-2021-17092
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-30156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a hidden user exists...
MediaWiki < 1.31.12 Special Contributions Hidden User Leakage
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.31.12 or 1.32.x prior to 1.35.2. It is, therefore, affected by a vulnerability in Special:Contributions that can leak that hidden users exist. Note that the scanner has not teste...
Vulnerability in the Special:Contributions component of MediaWiki, software for implementing a hypertext environment, that allows an attacker to carry out XSS attacks.
The vulnerability in the Special:Contributions component of the MediaWiki software is caused by a failure to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
PT-2022-26060 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.8; MediaWiki versions 1.36.x through 1.37.4; MediaWiki versions 1.38.x through 1.38.2. Description: An issue was discovered in MediaWiki. When changes made by an IP address are reassigned to a user using...
Hardcoded credentials
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
GHSA-RJ9P-8JXJ-2CH4 MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML...
DEBIAN-CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
PT-2021-18636 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.31.12; MediaWiki versions 1.32.x through 1.35.1. Description: An issue in MediaWiki allows Special:Contributions to leak the existence of a "hidden" user. Recommendations: For MediaWiki versions prior to 1.31.12,...
DEBIAN-CVE-2020-25812
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML...
UBUNTU-CVE-2020-25812
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML...
PT-2020-6809 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.34.x through 1.34.3. Description: An issue was discovered in MediaWiki where the NS filter on Special:Contributions uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild...
DEBIAN-CVE-2013-7444
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...