CVE-2025-10354 Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki

Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...

PT-2026-30180

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained an issue within the mm/huge memory component, specifically in the move pages huge pmd function. This function incorrectly handled NULL folios when processing...

CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump

ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...

PT-2024-2679 · Mediawiki +1 · Watchanalytics Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.40.2 WatchAnalytics extension in MediaWiki affected versions not specified Description: An issue in the WatchAnalytics extension allows for XSS to occur via the Special:PageStatistics page parameter. This can...

CVE-2021-41565

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks...

CVE-2021-41565

CVE-2021-41565 affects Tad Tools TadTools. The issue is a cross-site scripting vulnerability caused by insufficient validation of input on a special page parameter, enabling remote attackers to inject JavaScript without logging in and potentially perform reflective XSS. Primary impact is client-s...

MediaWiki GlobalNewFiles 输入验证错误漏洞

GlobalNewFiles is an extension of the MediaWiki Foundation that provides a special page to view all files of a wiki farm globally. An input validation error vulnerability exists in GlobalNewFiles, which stems from the fact that the list of users of the special GlobalNewFiles page is vulnerable to...

CVE-2014-9481

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML...

CVE-2019-14807

In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php...

QiboCMS /member/special.php SQL注入

No description provided by source...

Unspecified Arbitrary Code Execution Vulnerability in Microsoft SharePoint

Microsoft Silverlight is a cross-browser, cross-platform plug-in that brings the next generation of .NETFramework-based media experiences and rich interactive applications to the Web. A security vulnerability exists in Microsoft SharePoint, where the program fails to properly validate special pag...