21 matches found
EUVD-2020-30203
Malware in sbrugna...
EUVD-2020-23291
Malware in sbrugna...
EUVD-2015-6675
Malware in sbrugna...
CVE-2020-9382
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget as defined by this extension via MediaWiki's widget: parser function...
CVE-2020-35625
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...
Unspecified vulnerability in MediaWiki (CNVD-2021-09326)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and earlier...
CVE-2020-35625
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...
Design/Logic Flaw
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...
CVE-2020-35625
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...
CVE-2020-35625
CVE-2020-35625 affects the MediaWiki Widgets extension (versions up to 1.35.1). A crafted HTML comment in the Widgets namespace can trigger execution of arbitrary static functions defined in PHP/MediaWiki via a Smarty template, enabling potential code execution for users able to edit Widgets page...
MediaWiki 安全漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and earlier...
PT-2020-17372 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.1 Widgets extension for MediaWiki versions through 1.35.1 Description: An issue was discovered in the Widgets extension for MediaWiki, where any user with the ability to edit pages within the Widgets namespace...
CVE-2020-9382
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget as defined by this extension via MediaWiki's widget: parser function...
CVE-2020-9382
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget as defined by this extension via MediaWiki's widget: parser function...
CVE-2020-9382
The CVE-2020-9382 entry refers to the MediaWiki Widgets extension (versions up to 1.4.0). The issue is due to improper title sanitization, allowing any wiki page to be executed as a widget via the {{#widget:}} parser function. Affected component: Widgets extension for MediaWiki; root cause: title...
CVE-2020-9382
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget as defined by this extension via MediaWiki's widget: parser function...
MediaWiki Widgets Extension Cross-Site Scripting Vulnerability
MediaWiki is the Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . Widgets is one of the wiki page templates can be embedded in the HTML page...
CVE-2015-6737
Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...
Cross site scripting
Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...
CVE-2015-6737
Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...