Lucene search
+L
MediawikiCheckuser

8 matches found

CVE
CVE
added 2020/03/19 10:51 p.m.76 views

CVE-2019-16529

The vulnerability CVE-2019-16529 affects the MediaWiki CheckUser extension up to version 1.35.0 . The issue is that oversighted edit summaries are still visible in CheckUser results, which violates MediaWiki’s permissions model. The connected sources confirm the existence of this exposure but do ...

5.3CVSS5.3AI score0.0087EPSS
CVE
CVE
added 2015/04/13 2:0 p.m.64 views

CVE-2015-2940

CVE-2015-2940 is a CSRF flaw in the MediaWiki CheckUser extension that can allow a remote attacker to hijack a user’s session and retrieve sensitive information. The connected advisories corroborate this as part of multiple vulnerabilities affecting MediaWiki, with remediation guidance to upgrade...

6.8CVSS6.6AI score0.01103EPSS
CVE
CVE
added 2019/10/29 3:41 p.m.51 views

CVE-2019-18611

CVE-2019-18611 affects the MediaWiki CheckUser extension (up to v1.34). The issue enables certain sensitive information contained in oversighted edit summaries to be visible via the MediaWiki API to users with varying access levels. Underlying cause and impact are that confidentiality can be part...

6.5CVSS6.4AI score0.00926EPSS
CVE
CVE
added 2026/02/03 1:14 a.m.18 views

CVE-2025-67478

CVE-2025-67478: In Wikimedia Foundation CheckUser (includes/Mail/UserMailer.Php), commas in RFC 2822 style headers were not escaped, allowing downstream misinterpretation as value separators. Affected: MediaWiki/CheckUser components implicated by the CVE; Debian/Ubuntu advisories map this CVE to ...

8.8CVSS5.2AI score0.00304EPSS
CVE
CVE
added 2026/02/03 12:59 a.m.17 views

CVE-2025-61658

CVE-2025-61658 pertains to Wikimedia Foundation CheckUser. The vulnerability is tied to the GlobalContributionsPager.Php component and affects CheckUser versions prior to 1.43.4 and 1.44.1. From the connected records, the issue is documented across NVD, Red Hat, CVE listings, and other feeds, wit...

5.3CVSS5.3AI score0.00231EPSS
CVE
CVE
added 2026/05/11 2:50 p.m.17 views

CVE-2026-34090

The vulnerability CVE-2026-34090 affects Wikimedia Foundation CheckUser, versions 1.45.0 to 1.45.1. It exposes sensitive information to an unauthorized actor (confidentiality impact). No exploit details are provided in the connected documents. Remediation: upgrade to version 1.45.2 (per PT-2026-3...

7.5CVSS5.8AI score0.0028EPSS
CVE
CVE
added 2026/02/03 12:19 a.m.15 views

CVE-2025-61648

CVE-2025-61648 is a Cross-Site Scripting (XSS) vulnerability in Wikimedia Foundation CheckUser. Affected components are the front-end scripts ShowIPButton.Vue and the back-end Admin/Block logic in SpecialBlock.Js. The issue arises from improper neutralization of input during web page generation. ...

6.1CVSS5.3AI score0.00144EPSS
CVE
CVE
added 2026/02/03 12:53 a.m.13 views

CVE-2025-61651

CVE-2025-61651 is an XSS vulnerability in Wikimedia Foundation CheckUser, caused by improper neutralization of input during web page generation in the file modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. The issue affects CheckUser from variants before version 1.44.1. Public ...

6.1CVSS5.3AI score0.00187EPSS