Managewiki Security Vulnerabilities and Issues — Managewiki CVE List

Lucene search

MirahezeManagewiki

4 matches found

CVE•added 2025/04/24 9:15 p.m.•48 views

CVE-2025-43861

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dial...

4.4CVSS4.4AI score0.00039EPSS

CVE•added 2025/04/22 6:16 p.m.•44 views

CVE-2025-32964

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A ...

4.6CVSS4.6AI score0.00034EPSS

CVE•added 2021/04/28 10:15 p.m.•42 views

CVE-2021-29483

ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unabl...

9.4CVSS7.7AI score0.00441EPSS

CVE•added 2024/02/09 11:15 p.m.•33 views

CVE-2024-25109

ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires th...

6.5CVSS6.2AI score0.0029EPSS