Vulnerabilites related to Universal-Omega - DynamicPageList3
CVE-2025-53625 (GCVE-0-2025-53625)
Vulnerability from cvelistv5
Published
2025-07-10 18:31
Modified
2025-07-10 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Summary
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Universal-Omega | DynamicPageList3 |
Version: < 3.6.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53625",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T19:01:36.096118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T19:01:40.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DynamicPageList3",
"vendor": "Universal-Omega",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:31:22.996Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
},
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6"
}
],
"source": {
"advisory": "GHSA-7pgw-q3qp-6pgq",
"discovery": "UNKNOWN"
},
"title": "DynamicPageList3 exposes hidden/suppressed usernames"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53625",
"datePublished": "2025-07-10T18:31:22.996Z",
"dateReserved": "2025-07-07T14:20:38.388Z",
"dateUpdated": "2025-07-10T19:01:40.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41118 (GCVE-0-2021-41118)
Vulnerability from cvelistv5
Published
2021-10-04 18:35
Modified
2024-08-04 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Universal-Omega | DynamicPageList3 |
Version: < 3.3.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DynamicPageList3",
"vendor": "Universal-Omega",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings[\u0027functionalRichness\u0027] = 0;` or disable DynamicPageList3 to mitigate."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T18:35:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6"
}
],
"source": {
"advisory": "GHSA-8f24-q75c-jhf4",
"discovery": "UNKNOWN"
},
"title": "ReDoS in DynamicPageList3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41118",
"STATE": "PUBLIC",
"TITLE": "ReDoS in DynamicPageList3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DynamicPageList3",
"version": {
"version_data": [
{
"version_value": "\u003c 3.3.6"
}
]
}
}
]
},
"vendor_name": "Universal-Omega"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings[\u0027functionalRichness\u0027] = 0;` or disable DynamicPageList3 to mitigate."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4",
"refsource": "CONFIRM",
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4"
},
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7",
"refsource": "MISC",
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7"
},
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6",
"refsource": "MISC",
"url": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6"
}
]
},
"source": {
"advisory": "GHSA-8f24-q75c-jhf4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41118",
"datePublished": "2021-10-04T18:35:10",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}