35 matches found
BIT-MEDIAWIKI-2021-30156
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists...
BIT-MEDIAWIKI-2021-41800
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
CVE-2022-41767
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user using reassignEdits.php, the changes will still be attributed to the IP address on Special:Contributions when doing a range...
Updated mediawiki packages fix security vulnerability
HTMLUserTextField exposes existence of hidden users CVE-2022-41765. reassignEdits doesn't update results in an IP range check on Special:Contributions CVE-2022-41767...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...
CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
GHSA-C8WV-QWWC-6J73 MediaWiki allows a denial of service
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
MediaWiki allows a denial of service
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML...
CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
Code injection
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
CVE-2021-41800
MediaWiki before 1.36.2 is affected by CVE-2021-41800, a denial-of-service due to resource consumption from lengthy SQL processing in Special:Contributions, caused by mishandling PoolCounter protection. The issue is documented in multiple sources (including GHSA advisory and Debian/Fedora securit...
CVE-2021-41800
A flaw was found in MediaWiki, where visiting Special:Contributions may result in a long query due to mishandled PoolCounter protection. This issue may cause resource exhaustion, resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-30156
In the mediawiki package, the "Special:Contributions" functionality can leak information that a "hidden" user exists...
Information Disclosure
MediaWiki is vulnerable to information disclosure. Special:Contributions can leak that a "hidden" user exists...