8 matches found
CVE-2019-16529
The vulnerability CVE-2019-16529 affects the MediaWiki CheckUser extension up to version 1.35.0 . The issue is that oversighted edit summaries are still visible in CheckUser results, which violates MediaWiki’s permissions model. The connected sources confirm the existence of this exposure but do ...
CVE-2015-2940
CVE-2015-2940 is a CSRF flaw in the MediaWiki CheckUser extension that can allow a remote attacker to hijack a user’s session and retrieve sensitive information. The connected advisories corroborate this as part of multiple vulnerabilities affecting MediaWiki, with remediation guidance to upgrade...
CVE-2019-18611
CVE-2019-18611 affects the MediaWiki CheckUser extension (up to v1.34). The issue enables certain sensitive information contained in oversighted edit summaries to be visible via the MediaWiki API to users with varying access levels. Underlying cause and impact are that confidentiality can be part...
CVE-2025-67478
CVE-2025-67478: In Wikimedia Foundation CheckUser (includes/Mail/UserMailer.Php), commas in RFC 2822 style headers were not escaped, allowing downstream misinterpretation as value separators. Affected: MediaWiki/CheckUser components implicated by the CVE; Debian/Ubuntu advisories map this CVE to ...
CVE-2025-61658
CVE-2025-61658 pertains to Wikimedia Foundation CheckUser. The vulnerability is tied to the GlobalContributionsPager.Php component and affects CheckUser versions prior to 1.43.4 and 1.44.1. From the connected records, the issue is documented across NVD, Red Hat, CVE listings, and other feeds, wit...
CVE-2026-34090
The vulnerability CVE-2026-34090 affects Wikimedia Foundation CheckUser, versions 1.45.0 to 1.45.1. It exposes sensitive information to an unauthorized actor (confidentiality impact). No exploit details are provided in the connected documents. Remediation: upgrade to version 1.45.2 (per PT-2026-3...
CVE-2025-61648
CVE-2025-61648 is a Cross-Site Scripting (XSS) vulnerability in Wikimedia Foundation CheckUser. Affected components are the front-end scripts ShowIPButton.Vue and the back-end Admin/Block logic in SpecialBlock.Js. The issue arises from improper neutralization of input during web page generation. ...
CVE-2025-61651
CVE-2025-61651 is an XSS vulnerability in Wikimedia Foundation CheckUser, caused by improper neutralization of input during web page generation in the file modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. The issue affects CheckUser from variants before version 1.44.1. Public ...