30 matches found
CVE-2023-45374
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...
CVE-2023-45370
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may ...
EUVD-2021-22763
Malware in sbrugna...
EUVD-2023-49662
Malicious code in bioql PyPI...
EUVD-2023-49666
Malicious code in bioql PyPI...
CVE-2021-36131
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...
The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.
The vulnerability of the SportsTeams extension of the MediaWiki software, which is used to implement a hypertext environment, relates to the lack of permission checking. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrity of the protected informati...
The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.
The vulnerability of the SportsTeams extension of the software for implementing the hypertext environment MediaWiki is related to the lack of checks for the anti-CSRF token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. Exploiting this vulnerability could allow a malicious actor t...
BIT-MEDIAWIKI-2021-36131
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...
BIT-MEDIAWIKI-2023-45370
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may ...
BIT-MEDIAWIKI-2023-45374
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...
CVE-2023-45374
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...
CVE-2023-45370
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may ...
CVE-2023-45374
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...
CVE-2023-45370
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may ...
Cross site request forgery (csrf)
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...
Code injection
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may ...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from the SportsTeams extension that doe...
CVE-2023-45374
The CVE-2023-45374 entry concerns the SportsTeams extension for MediaWiki. Affected versions before 1.35.12, 1.36.x–1.39.x before 1.39.5, and 1.40.x before 1.40.1 do not validate the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams, enabling potential CSRF risk. ...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from the fact that the SportsTeams...