22 matches found
EUVD-2021-17093
Malware in sbrugna...
CVE-2024-34701
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-34701
Summary: CVE-2024-34701 affects Miraheze’s CreateWiki MediaWiki extension. An attacker could be considered the requester for a wiki request if their local user ID on any wiki in the farm matches the requester’s local ID on the target wiki, enabling actions the requester is allowed to perform via ...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.
The vulnerability of the SportsTeams extension of the software for implementing the hypertext environment MediaWiki is related to the lack of checks for the anti-CSRF token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. Exploiting this vulnerability could allow a malicious actor t...
BIT-MEDIAWIKI-2021-30157
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...
BIT-MEDIAWIKI-2021-36131
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...
Cross site request forgery (csrf)
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...
PT-2023-8945 · Mediawiki +2 · Mediawiki Sportsteams Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki SportsTeams extension versions 1.35.x through 1.35.11 MediaWiki SportsTeams extension versions 1.36.x through 1.39.4 MediaWiki SportsTeams extension versions 1.40.x through 1.40.0 Description: An issue was discovered in the...
CVE-2021-36130
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...
CVE-2021-36131
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...
CVE-2021-36131
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...
PT-2021-21127 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 SocialProfile extension in MediaWiki versions through 1.36 Description: An XSS issue was discovered in the SocialProfile extension within MediaWiki. A privileged user with the awardmanage right could inject...
Cross-Site Scripting (XSS)
mediawiki is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the label messages ChangesList special pages such as Special:RecentChanges and Special:Watchlist...
CVE-2021-30157
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...
Cross site scripting
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...
CVE-2021-30157
MediaWiki CVE-2021-30157 affects the core web UI: on ChangesList pages (Special:RecentChanges, Special:Watchlist) rcfilters-filter-* labels were emitted as unescaped HTML, enabling cross-site scripting. Affected versions are MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. The is...
DEBIAN-CVE-2015-8628
The 1 Special:MyPage, 2 Special:MyTalk, 3 Special:MyContributions, 4 Special:MyUploads, and 5 Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted...