CVE-2021-31547

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules...

EUVD-2021-18452

Malware in sbrugna...

Unspecified vulnerability in MediaWiki (CNVD-2021-37745)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from the...

MediaWiki cross-site scripting vulnerability (CNVD-2021-37741)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.35.2 and prior versions, which allows t...

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-35231)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from account...

MediaWiki cross-site scripting vulnerability (CNVD-2021-37742)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems fr...

Unspecified vulnerability in MediaWiki (CNVD-2021-37744)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and earlier versions, which stems from the fac...

PT-2021-19418 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the AbuseFilter extension for MediaWiki, allowing a MediaWiki user who is partially blocked or was unsuccessfully blocked to bypass AbuseFilter and have their edits...

PT-2021-19423 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue in the AbuseFilter extension for MediaWiki allows certain rules related to blocking accounts after account creation to be executed incorrectly. This could enable user accounts to be...

PT-2021-19424 · Mediawiki +1 · Checkuser Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages...

MediaWiki 输入验证错误漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...

MediaWiki 信息泄露漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...

MediaWiki 信息泄露漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...

MediaWiki 代码问题漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A code issue vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from the...

MediaWiki AbuseFilter extension 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and earlier versions, which stems from the fac...

MediaWiki AbuseFilter extension 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from incorrect...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems fr...

CVE-2021-30159

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget uses FOR UPDATE, but it's only called if Title::getArticleID returns non-zero...

CVE-2021-30157

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...

CVE-2021-30154

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header- messages are output in HTML unescaped, leading to XSS...